Microsoft SC-100 Practise Test – Cybersecurity Architect #1

Microsoft SC-100 Exam


As I am sitting exams at the moment, I have finding I am on the look out for practise tests and supplementary material for giving me confidence in exams. I have noticed there is no free Microsoft provided SC-100 practise questions, so therefore I have decided to study and create my own!

I hope these are of use!

The answers are at the bottom, including guidance if you incorrectly answered any of the questions.

Once you have finished the practise test, there is a second edition: Microsoft Cybersecurity Architect (SC-100) Practise Test Questions #2


  1. SSL/TLS is used to protect data confidentiality via encryption in which state?

    a) At-rest 
    b) In-transit 
    c) Both ‘at-rest’ and ‘in-transit’ 

  2. Who is responsible for maintaining the servers that provide Microsoft 365 (SaaS)?

    a) The customer 
    b) The cloud vendor 

  3. Who is responsible for maintaing user accounts and digital identities in Microsoft 365 (Saas)?

    a) The cloud vendor 
    b) The customer 

  4. What are the Microsoft guiding principles of ZeroTrust?

    a) Verify but trust, apply RBAC access and check for breach 
    b) Verify explicitly, least privilege access, assume breach 
    c) Verify explicitly, review access, assume hacks 

  5. What allows many Microsoft cloud services to be interconnected easily using a common schema?

    a) Microsoft SQL on Azure 
    b) Microsoft Graph API 
    c) DirectX 

  6. Which services allow for collaboration with external users so they can bring their own pre-existing identities from Entra ID, Google, Facebook etc.?

    a) Entra ID BNC 
    b) Entra ID B2B 
    c) Entra ID B2C 
    d) Active Directory 

  7. Which service allows you to provide Entra ID identities access to applications hosted on-premises?

    a) Azure Direct Connect 
    b) Azure Express Route 
    c) Azure AD Application Proxy 

  8. Which protocol allows for automatic provisioning of identities and group memberships between applications and identity providers?

    a) SCIM 
    b) SAML 
    c) SCOT 

  9. What is the most secure form of authentication according to Microsoft?

    a) Password only 
    b) Password and SMS 
    c) Windows Hello for Business 

  10. Which Licenses provide full access to Entra ID Identity Protection?

    a) Entra ID Plan 2 
    b) Microsoft 365 E3 
    c) Microsoft 365 E5 
    d) Microsoft 365 Business Premium  

Answers Below:


  1. B – SSL/TLS is an in-transit encryption technology
  2. B – the SaaS provider is responsible for maintaining servers, see the Cloud Responsibility model: Shared responsibility in the cloud – Microsoft Azure | Microsoft Learn
  3. B – The customer is always responsible for maintaining accounts and identities, see the cloud responsibility model: Shared responsibility in the cloud – Microsoft Azure | Microsoft Learn
  4. B – You can refer to the Microsoft Zero Trust Model for more information: Zero Trust Model – Modern Security Architecture | Microsoft Security
  5. B – The Microsoft Graph API is available in a wide range of its cloud services, you can explore some of its capability here: Graph Explorer | Try Microsoft Graph APIs – Microsoft Graph
  6.  B and C – You can learn more about B2B and B2C here: Microsoft Entra External ID documentation | Microsoft Learn
  7. C – Azure AD Application Proxy enables cloud identities to connect to on-premises applications and services, you can learn more here: Remote access to on-premises apps – Microsoft Entra application proxy | Microsoft Learn
  8. A – SCIM – you can learn more about SCIM here: Understanding SCIM | Okta Developer. SAML is generally used for Single-Sign-on but not for syncing group memberships or automatically provisioning users across systems.
  9. C – Microsoft considers Windows Hello for Business to be the strongest form of authenticating out of the three, as it is Password-less and Phishing resistant for more information: Overview of Microsoft Entra authentication strength | Microsoft Learn
  10. A and C – Entra ID Plan 2 is required for the full protection from Entra ID identity protection, only E5 and of course Entra ID Plan 2 includes Entra ID Plan 2 for more info on the licencing requirements for Entra ID identity protection:

Leave a Comment

Your email address will not be published. Required fields are marked *