Free Udemy Course: MS Cybersecurity Architect (SC-100) Exam Questions Jun-2025

Skills at a glanceDesign solutions that align with security best practices and priorities (20–25%)Design security operations, identity, and compliance capabilities (25–30%)Design security solutions for infrastructure (25–30%)Design security solutions for applications and data (20–25%)Design solutions that align with security best practices and priorities (20–25%)Design a resiliency strategy for ransomware and other attacks based on Microsoft Security Best PracticesDesign a security strategy to support business resiliency goals, including identifying and prioritizing threats to business-critical assetsDesign solutions for business continuity and disaster recovery (BCDR), including secure backup and restore for hybrid and multicloud environmentsDesign solutions for mitigating ransomware attacks, including prioritization of BCDR and privileged accessEvaluate solutions for security updatesDesign solutions that align with the Microsoft Cybersecurity Reference Architectures (MCRA) and Microsoft cloud security benchmark (MCSB)Design solutions that align with best practices for cybersecurity capabilities and controlsDesign solutions that align with best practices for protecting against insider, external, and supply chain attacksDesign solutions that align with best practices for Zero Trust security, including the Zero Trust Rapid Modernization Plan (RaMP)Design solutions that align with the Microsoft Cloud Adoption Framework for Azure and the Microsoft Azure Well-Architected FrameworkDesign a new or evaluate an existing strategy for security and governance based on the Microsoft Cloud Adoption Framework (CAF) for Azure and the Microsoft Azure Well-Architected FrameworkRecommend solutions for security and governance based on the Microsoft Cloud Adoption Framework for Azure and the Microsoft Azure Well-Architected FrameworkDesign solutions for implementing and governing security by using Azure landing zonesDesign a DevSecOps process that aligns with best practices in the Microsoft Cloud Adoption Framework (CAF)Design security operations, identity, and compliance capabilities (25–30%)Design solutions for security operationsDesign a solution for detection and response that includes extended detection and response (XDR) and security information and event management (SIEM)Design a solution for centralized logging and auditing, including Microsoft Purview AuditDesign monitoring to support hybrid and multicloud environmentsDesign a solution for security orchestration automated response (SOAR), including Microsoft Sentinel and Microsoft Defender XDRDesign and evaluate security workflows, including incident response, threat hunting, and incident managementDesign and evaluate threat detection coverage by using MITRE ATT&CK matrices, including Cloud, Enterprise, Mobile, and industrial control systems (ICS)Design solutions for identity and access managementDesign a solution for access to software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS), hybrid/on-premises, and multicloud resources, including identity, networking, and application controlsDesign a solution for Microsoft Entra ID, including hybrid and multi-cloud environmentsDesign a solution for external identities, including business-to-business (B2B), business-to-customer (B2C), and decentralized identityDesign a modern authentication and authorization strategy, including Conditional Access, continuous access evaluation, risk scoring, and protected actionsValidate the alignment of Conditional Access policies with a Zero Trust strategySpecify requirements to harden Active Directory Domain Services (AD DS)Design a solution to manage secrets, keys, and certificatesDesign solutions for securing privileged accessDesign a solution for assigning and delegating privileged roles by using the enterprise access modelEvaluate the security and governance of Microsoft Entra ID, including Microsoft Entra Privileged Identity Management (PIM), entitlement management, and access reviewsEvaluate the security and governance of Active Directory Domain Services (AD DS), including resilience to common attacksDesign a solution for securing the administration of cloud tenants, including SaaS and multicloud infrastructure and platformsDesign a solution for cloud infrastructure entitlement management that includes Microsoft Entra Permissions ManagementEvaluate an access review management solution that includes Microsoft Entra Permissions ManagementDesign a solution for Privileged Access Workstation (PAW), including remote accessDesign solutions for regulatory complianceTranslate compliance requirements into security controlsDesign a solution to address compliance requirements by using Microsoft PurviewDesign a solution to address privacy requirements, including Microsoft PrivaDesign Azure Policy solutions to address security and compliance requirementsEvaluate and validate alignment with regulatory standards and benchmarks by using Microsoft Defender for CloudDesign security solutions for infrastructure (25–30%)Design solutions for security posture management in hybrid and multicloud environmentsEvaluate security posture by using Microsoft Defender for Cloud, including the Microsoft cloud security benchmark (MCSB)Evaluate security posture by using Microsoft Secure ScoreDesign integrated security posture management solutions that include Microsoft Defender for Cloud in hybrid and multi-cloud environmentsSelect cloud workload protection solutions in Microsoft Defender for CloudDesign a solution for integrating hybrid and multicloud environments by using Azure ArcDesign a solution for Microsoft Defender External Attack Surface Management (Defender EASM)Specify requirements and priorities for a posture management process that uses Microsoft Security Exposure Management attack paths, attack surface reduction, security insights, and initiativesSpecify requirements for securing server and client endpointsSpecify security requirements for servers, including multiple platforms and operating systemsSpecify security requirements for mobile devices and clients, including endpoint protection, hardening, and configurationSpecify security requirements for IoT devices and embedded systemsEvaluate solutions for securing operational technology (OT) and industrial control systems (ICS) by using Microsoft Defender for IoTSpecify security baselines for server and client endpointsEvaluate Windows Local Admin Password Solution (LAPS) solutionsSpecify requirements for securing SaaS, PaaS, and IaaS servicesSpecify security baselines for SaaS, PaaS, and IaaS servicesSpecify security requirements for IoT workloadsSpecify security requirements for web workloadsSpecify security requirements for containersSpecify security requirements for container orchestrationEvaluate solutions that include Azure AI services securityEvaluate solutions for network security and Security Service Edge (SSE)Evaluate network designs to align with security requirements and best practicesEvaluate solutions that use Microsoft Entra Internet Access as a secure web gatewayEvaluate solutions that use Microsoft Entra Internet Access for Microsoft Services, including cross-tenant configurationsEvaluate solutions that use Microsoft Entra Private AccessDesign security solutions for applications and data (20–25%)Evaluate solutions for securing Microsoft 365Evaluate security posture for productivity and collaboration workloads by using metrics, including Microsoft Secure ScoreEvaluate solutions that include Microsoft Defender for Office 365 and Microsoft Defender for Cloud AppsEvaluate device management solutions that include Microsoft IntuneEvaluate solutions for securing data in Microsoft 365 by using Microsoft PurviewEvaluate data security and compliance controls in Microsoft Copilot for Microsoft 365 servicesDesign solutions for securing applicationsEvaluate the security posture of existing application portfoliosEvaluate threats to business-critical applications by using threat modelingDesign and implement a full lifecycle strategy for application securityDesign and implement standards and practices for securing the application development processMap technologies to application security requirementsDesign a solution for workload identity to authenticate and access Azure cloud resourcesDesign a solution for API management and securityDesign solutions that secure applications by using Azure Web Application Firewall (WAF)Design solutions for securing an organization's dataEvaluate solutions for data discovery and classificationSpecify priorities for mitigating threats to dataEvaluate solutions for encryption of data at rest and in transit, including Azure Key Vault and infrastructure encryptionDesign a security solution for data in Azure workloads, including Azure SQL, Azure Synapse Analytics, and Azure Cosmos DBDesign a security solution for data in Azure StorageDesign a security solution that includes Microsoft Defender for Storage and Microsoft Defender for Databases