SC-100 Dump Free – 50 Practice Questions to Sharpen Your Exam Readiness.
Looking for a reliable way to prepare for your SC-100 certification? Our SC-100 Dump Free includes 50 exam-style practice questions designed to reflect real test scenarios—helping you study smarter and pass with confidence.
Using an SC-100 dump free set of questions can give you an edge in your exam prep by helping you:
- Understand the format and types of questions you’ll face
- Pinpoint weak areas and focus your study efforts
- Boost your confidence with realistic question practice
Below, you will find 50 free questions from our SC-100 Dump Free collection. These cover key topics and are structured to simulate the difficulty level of the real exam, making them a valuable tool for review or final prep.
DRAG DROP - You have a Microsoft 365 subscription. You need to recommend a security solution to monitor the following activities: • User accounts that were potentially compromised • Users performing bulk file downloads from Microsoft SharePoint Online What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your on-premises network contains an e-commerce web app that was developed in Angular and Node,js. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model. Solution: You recommend implementing Azure Application Gateway with Azure Web Application Firewall (WAF). Does this meet the goal?
A. Yes
B. No
You are designing a ransomware response plan that follows Microsoft Security Best Practices. You need to recommend a solution to limit the scope of damage of ransomware attacks without being locked out. What should you include in the recommendation?
A. device compliance policies
B. Privileged Access Workstations (PAWs)
C. Customer Lockbox for Microsoft Azure
D. emergency access accounts
HOTSPOT - You need to recommend a solution to meet the AWS requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You have an Amazon Web Services (AWS) implementation. You plan to extend the Azure security strategy to the AWS implementation. The solution will NOT use Azure Arc. Which three services can you use to provide security for the AWS resources? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Microsoft Defender for Containers
B. Microsoft Defender for servers
C. Azure Active Directory (Azure AD) Conditional Access
D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
E. Azure Policy
HOTSPOT - Your company is migrating data to Azure. The data contains Personally Identifiable Information (PII). The company plans to use Microsoft Information Protection for the PII data store in Azure. You need to recommend a solution to discover PII data at risk in the Azure resources. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
To meet the application security requirements, which two authentication methods must the applications support? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Security Assertion Markup Language (SAML)
B. NTLMv2
C. certificate-based authentication
D. Kerberos
HOTSPOT - You are designing security for a runbook in an Azure Automation account. The runbook will copy data to Azure Data Lake Storage Gen2. You need to recommend a solution to secure the components of the copy process. What should you include in the recommendation for each component? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You design cloud-based software as a service (SaaS) solutions. You need to recommend a recovery solution for ransomware attacks. The solution must follow Microsoft Security Best Practices. What should you recommend doing first?
A. Develop a privileged identity strategy.
B. Implement data protection.
C. Develop a privileged access strategy.
D. Prepare a recovery plan.
You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain. You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using continuous integration and continuous deployment (CI/CD) pipelines. You need to recommend which types of identities to use for the deployment credentials of the service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud Adoption Framework for Azure. What should you recommend?
A. a managed identity in Azure
B. an Azure AD user account that has role assignments in Azure AD Privileged Identity Management (PIM)
C. a group managed service account (gMSA)
D. an Azure AD user account that has a password stored in Azure Key Vault
Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud. The company signs a contract with the United States government. You need to review the current subscription for NIST 800-53 compliance. What should you do first?
A. From Defender for Cloud, enable Defender for Cloud plans.
B. From Azure Policy, assign a built-in initiative that has a scope of the subscription.
C. From Defender for Cloud, review the secure score recommendations.
D. From Microsoft Defender for Cloud Apps, create an access policy for cloud applications.
DRAG DROP - You have a Microsoft 365 subscription. You need to recommend a security solution to monitor the following activities: ✑ User accounts that were potentially compromised ✑ Users performing bulk file downloads from Microsoft SharePoint Online What should you include in the recommendation for each activity? To answer, drag the appropriate components to the correct activities. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:
You have an on-premises network that has several legacy applications. The applications perform LDAP queries against an existing directory service. You are migrating the on-premises infrastructure to a cloud-only infrastructure. You need to recommend an identity solution for the infrastructure that supports the legacy applications. The solution must minimize the administrative effort to maintain the infrastructure. Which identity service should you include in the recommendation?
A. Azure Active Directory (Azure AD) B2C
B. Azure Active Directory Domain Services (Azure AD DS)
C. Azure Active Directory (Azure AD)
D. Active Directory Domain Services (AD DS)
Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app. You need to recommend a solution to the application development team to secure the application from identity-related attacks. Which two configurations should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Azure AD workbooks to monitor risk detections
B. Azure AD Conditional Access integration with user flows and custom policies
C. smart account lockout in Azure AD B2C
D. access packages in Identity Governance
E. custom resource owner password credentials (ROPC) flows in Azure AD B2C
HOTSPOT - You are planning the security levels for a security access strategy. You need to identify which job roles to configure at which security levels. The solution must meet security best practices of the Microsoft Cybersecurity Reference Architectures (MCRA). Which security level should you configure for each job role? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Your company has an Azure subscription that uses Microsoft Defender for Cloud. The company signs a contract with the United States government. You need to review the current subscription for NIST 800-53 compliance. What should you do first?
A. From Defender for Cloud, review the Azure security baseline for audit report.
B. From Microsoft Defender for Cloud Apps, create an access policy for cloud applications.
C. From Defender for Cloud, enable Defender for Cloud plans.
D. From Azure Policy, assign a built-in initiative that has a scope of the subscription.
HOTSPOT - Your company uses Microsoft Defender for Cloud and Microsoft Sentinel. The company is designing an application that will have the architecture shown in the following exhibit.You are designing a logging and auditing solution for the proposed architecture. The solution must meet the following requirements: ✑ Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel. ✑ Use Defender for Cloud to review alerts from the virtual machines. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Your company is preparing for cloud adoption. You are designing security for Azure landing zones. Which two preventative controls can you implement to increase the secure score? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Azure Web Application Firewall (WAF)
B. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
C. Microsoft Sentinel
D. Azure Firewall
E. Microsoft Defender for Cloud alerts
You are creating an application lifecycle management process based on the Microsoft Security Development Lifecycle (SDL). You need to recommend a security standard for onboarding applications to Azure. The standard will include recommendations for application design, development, and deployment. What should you include during the application design phase?
A. software decomposition by using Microsoft Visual Studio Enterprise
B. dynamic application security testing (DAST) by using Veracode
C. threat modeling by using the Microsoft Threat Modeling Tool
D. static application security testing (SAST) by using SonarQube
You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain. Client computers run Windows and are hybrid-joined to Azure AD. You are designing a strategy to protect endpoints against ransomware. The strategy follows Microsoft Security Best Practices. You plan to remove all the domain accounts from the Administrators groups on the Windows computers. You need to recommend a solution that will provide users with administrative access to the Windows computers only when access is required. The solution must minimize the lateral movement of ransomware attacks if an administrator account on a computer is compromised. What should you include in the recommendation?
A. Local Administrator Password Solution (LAPS)
B. Azure AD Identity Protection
C. Azure AD Privileged Identity Management (PIM)
D. Privileged Access Workstations (PAWs)
HOTSPOT - You have an Azure subscription and an on-premises datacenter. The datacenter contains 100 servers that run Windows Server. All the servers are backed up to a Recovery Services vault by using Azure Backup and the Microsoft Azure Recovery Services (MARS) agent. You need to design a recovery solution for ransomware attacks that encrypt the on-premises servers. The solution must follow Microsoft Security Best Practices and protect against the following risks: • A compromised administrator account used to delete the backups from Azure Backup before encrypting the servers • A compromised administrator account used to disable the backups on the MARS agent before encrypting the servers What should you use for each risk? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Your company wants to optimize using Microsoft Defender for Endpoint to protect its resources against ransomware based on Microsoft Security Best Practices. You need to prepare a post-breach response plan for compromised computers based on the Microsoft Detection and Response Team (DART) approach in Microsoft Security Best Practices. What should you include in the response plan?
A. controlled folder access
B. application isolation
C. memory scanning
D. machine isolation
E. user isolation
Your company has an Azure subscription that uses Microsoft Defender for Cloud. The company signs a contract with the United States government. You need to review the current subscription for NIST 800-53 compliance. What should you do first?
A. From Microsoft Sentinel, configure the Microsoft Defender for Cloud data connector.
B. From Microsoft Defender for Cloud Apps, create an access policy for cloud applications.
C. From Defender for Cloud, enable Defender for Cloud plans.
D. From Defender for Cloud, add a regulatory compliance standard.
HOTSPOT - You are designing the security architecture for a cloud-only environment. You are reviewing the integration point between Microsoft 365 Defender and other Microsoft cloud services based on Microsoft Cybersecurity Reference Architectures (MCRA). You need to recommend which Microsoft cloud services integrate directly with Microsoft 365 Defender and meet the following requirements: • Enforce data loss prevention (DLP) policies that can be managed directly from the Microsoft 365 Defender portal. • Detect and respond to security threats based on User and Entity Behavior Analytics (UEBA) with unified alerting. What should you include in the recommendation for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report. In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls. Solution: You recommend enabling just-in-time (JIT) VM access on all virtual machines. Does this meet the goal?
A. Yes
B. No
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled. The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019. You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application. Which security control should you recommend?
A. app registrations in Azure Active Directory (Azure AD)
B. OAuth app policies in Microsoft Defender for Cloud Apps
C. Azure Security Benchmark compliance controls in Defender for Cloud
D. application control policies in Microsoft Defender for Endpoint
You have a Microsoft 365 subscription. You are designing a user access solution that follows the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA). You need to recommend a solution that automatically restricts access to Microsoft Exchange Online, SharePoint Online, and Teams in near-real-time (NRT) in response to the following Azure AD events: • A user account is disabled or deleted. • The password of a user is changed or reset. • All the refresh tokens for a user are revoked. • Multi-factor authentication (MFA) is enabled for a user. Which two features should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. continuous access evaluation
B. Azure AD Application Proxy
C. a sign-in risk policy
D. Azure AD Privileged Identity Management (PIM)
E. Conditional Access
HOTSPOT - You are evaluating the security of ClaimsApp. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your on-premises network contains an e-commerce web app that was developed in Angular and Node,js. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model. Solution: You recommend implementing Azure Key Vault to store credentials. Does this meet the goal?
A. Yes
B. No
HOTSPOT - You need to recommend a solution to meet the requirements for connections to ClaimsDB. What should you recommend using for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have an operational model based on the Microsoft Cloud Adoption Framework for Azure. You need to recommend a solution that focuses on cloud-centric control areas to protect resources such as endpoints, databases, files, and storage accounts. What should you include in the recommendation?
A. business resilience
B. modem access control
C. network isolation
D. security baselines in the Microsoft Cloud Security Benchmark
DRAG DROP - Your company wants to optimize ransomware incident investigations. You need to recommend a plan to investigate ransomware incidents based on the Microsoft Detection and Response Team (DART) approach. Which three actions should you recommend performing in sequence in the plan? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Your company is developing a modern application that will un as an Azure App Service web app. You plan to perform threat modeling to identity potential security issues by using the Microsoft Threat Modeling Tool. Which type of diagram should you create?
A. system flow
B. data flow
C. process flow
D. network flow
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled. The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019. You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application. Which security control should you recommend?
A. app discovery anomaly detection policies in Microsoft Defender for Cloud Apps
B. Azure AD Conditional Access App Control policies
C. adaptive application controls in Defender for Cloud
D. app protection policies in Microsoft Endpoint Manager
You need to recommend a solution to meet the security requirements for the InfraSec group. What should you use to delegate the access?
A. a subscription
B. a custom role-based access control (RBAC) role
C. a resource group
D. a management group
You have Microsoft Defender for Cloud assigned to Azure management groups. You have a Microsoft Sentinel deployment. During the triage of alerts, you require additional information about the security events, including suggestions for remediation. Which two components can you use to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Microsoft Sentinel threat intelligence workbooks
B. Microsoft Sentinel notebooks
C. threat intelligence reports in Defender for Cloud
D. workload protections in Defender for Cloud
You need to recommend a solution to meet the security requirements for the virtual machines. What should you include in the recommendation?
A. just-in-time (JIT) VM access
B. an Azure Bastion host
C. Azure Virtual Desktop
D. a network security group (NSG)
You have legacy operational technology (OT) devices and IoT devices. You need to recommend best practices for applying Zero Trust principles to the OT and IoT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations. Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. active scanning
B. threat monitoring
C. software patching
D. passive traffic monitoring
You are planning the security requirements for Azure Cosmos DB Core (SQL) API accounts. You need to recommend a solution to audit all users that access the data in the Azure Cosmos DB accounts. Which two configurations should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Send the Azure Active Directory (Azure AD) sign-in logs to a Log Analytics workspace.
B. Enable Microsoft Defender for Identity.
C. Send the Azure Cosmos DB logs to a Log Analytics workspace.
D. Disable local authentication for Azure Cosmos DB.
E. Enable Microsoft Defender for Cosmos DB.
For a Microsoft cloud environment, you are designing a security architecture based on the Microsoft Cloud Security Benchmark. What are three best practices for identity management based on the Azure Security Benchmark? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Manage application identities securely and automatically.
B. Manage the lifecycle of identities and entitlements.
C. Protect identity and authentication systems.
D. Enable threat detection for identity and access management.
E. Use a centralized identity and authentication system.
You are designing the security standards for a new Azure environment. You need to design a privileged identity strategy based on the Zero Trust model. Which framework should you follow to create the design?
A. Microsoft Security Development Lifecycle (SDL)
B. Enhanced Security Admin Environment (ESAE)
C. Rapid Modernization Plan (RaMP)
D. Microsoft Operational Security Assurance (OSA)
You are evaluating an Azure environment for compliance. You need to design an Azure Policy implementation that can be used to evaluate compliance without changing any resources. Which effect should you use in Azure Policy?
A. Deny
B. Modify
C. Append
D. Disabled
Your company has a Microsoft 365 E5 subscription. Users use Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive for sharing and collaborating. The company identifies protected health information (PHI) within stored documents and communications. What should you recommend using to prevent the PHI from being shared outside the company?
A. sensitivity label policies
B. data loss prevention (DLP) policies
C. insider risk management policies
D. retention policies
HOTSPOT - You have a Microsoft 365 E5 subscription that uses Microsoft Purview, SharePoint Online, and OneDrive for Business. You need to recommend a ransomware protection solution that meets the following requirements: • Mitigates attacks that make copies of files, encrypt the copies, and then delete the original files • Mitigates attacks that encrypt files in place • Minimizes administrative effort What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure Kubernetes Service (AKS) cluster that hosts Linux nodes. You need to recommend a solution to ensure that deployed worker nodes have the latest kernel updates. The solution must minimize administrative effort. What should you recommend?
A. The nodes must restart after the updates are applied.
B. The updates must first be applied to the image used to provision the nodes.
C. The AKS cluster version must be upgraded.
You are designing the security standards for containerized applications onboarded to Azure. You are evaluating the use of Microsoft Defender for Containers. In which two environments can you use Defender for Containers to scan for known vulnerabilities? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Linux containers deployed to Azure Container Instances
B. Windows containers deployed to Azure Kubernetes Service (AKS)
C. Windows containers deployed to Azure Container Registry
D. Linux containers deployed to Azure Container Registry
E. Linux containers deployed to Azure Kubernetes Service (AKS)
You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements. What should you configure for each landing zone?
A. an ExpressRoute gateway
B. Microsoft Defender for Cloud
C. an Azure Private DNS zone
D. Azure DDoS Protection Standard
HOTSPOT - You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Your company plans to move all on-premises virtual machines to Azure. A network engineer proposes the Azure virtual network design shown in the following table.You need to recommend an Azure Bastion deployment to provide secure remote access to all the virtual machines. Based on the virtual network design, how many Azure Bastion subnets are required?
A. 1
B. 2
C. 3
D. 4
E. 5
You need to recommend a solution to secure the MedicalHistory data in the ClaimsDetail table. The solution must meet the Contoso developer requirements. What should you include in the recommendation?
A. row-level security (RLS)
B. Transparent Data Encryption (TDE)
C. Always Encrypted
D. data classification
E. dynamic data masking
Access Full SC-100 Dump Free
Looking for even more practice questions? Click here to access the complete SC-100 Dump Free collection, offering hundreds of questions across all exam objectives.
We regularly update our content to ensure accuracy and relevance—so be sure to check back for new material.
Begin your certification journey today with our SC-100 dump free questions — and get one step closer to exam success!