Free Microsoft SC-100 Exam Questions

Become Microsoft Certified with updated SC-100 exam questions and correct answers

Page: 1 / 50

Total 250 Questions | Updated On: Feb 09, 2026

Add To Cart

Question 1

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.

You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

Which security control should you recommend?

A : OAuth app policies in Microsoft Defender for Cloud Apps

B : Azure Security Benchmark compliance controls in Defender for Cloud

C : application control policies in Microsoft Defender for Endpoint

D : app discovery anomaly detection policies in Microsoft Defender for Cloud Apps

Answer: A

Question 2

Your company is developing a modern application that will run as an Azure App Service web app. You plan to perform threat modeling to identify potential security issues by using the Microsoft Threat Modeling Tool. Which type of diagram should you create?

A : data flow

B : system flow

C : process flow

D : network flow

Answer: A

Question 3

You are planning the security requirements for Azure Cosmos DB Core (SQL) API accounts. You need to recommend a solution to audit all users that access the data in the Azure Cosmos DB accounts. Which two configurations should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A : Enable Microsoft Defender for Cosmos DB.

B : Send the Azure Active Directory (Azure AD) sign-in logs to a Log Analytics workspace

C : Disable local authentication for Azure Cosmos DB.

D : Enable Microsoft Defender for Identity

E : Send the Azure Cosmos DB logs to a Log Analytics workspace.

Answer: B,C

Question 4

Your company has a main office and 10 branch offices. Each branch office contains an on-premisesfile server that runs Windows Server and multiple devices that run either Windows 11 or macOS. Thedevices are enrolled in Microsoft Intune.You have a Microsoft Entra tenant.You need to deploy Global Secure Access to implement web filtering for device traffic to the internetThe solution must ensure that all the web traffic from the devices in the branch offices is controlledby using Global Secure Access.What should you do first in each branch office?

A : Configure an Intune policy to deploy the Global Secure Access client to each device

B : Configure an IPsec tunnel on the router.

C : Install the Microsoft Entra private network connector on the file server.

D : Configure an Intune policy to onboard Microsoft Defender for Endpoint to each device.

Answer: B

Question 5

Your company has the virtual machine infrastructure shown in the following table.The company plans to use Microsoft Azure Backup Server (MABS) to back up the virtual machines toAzure.You need to provide recommendations to increase the resiliency of the backup strategy to mitigateattacks such as ransomware.What should you include in the recommendation?

A : Use geo-redundant storage (GRS)

B : Use customer-managed keys (CMKs) for encryption

C : Require PINs to disable backups.

D : Implement Azure Site Recovery replication.

Answer: C

Page: 1 / 50

Total 250 Questions | Updated On: Feb 09, 2026

Add To Cart