SC-100 Exam Study Guide (Microsoft Cybersecurity Architect)

SC-100 Study Guide (Microsoft Cybersecurity Architect)

SC-100 Preparation Details

Preparing for the SC-100 Microsoft Cybersecurity Architect exam? Don’t know where to start? This post is the SC-100 Certificate Study Guide (with links to each exam objective).

I have curated a list of articles from Microsoft documentation for each objective of the SC-100 exam. Please share the post within your circles so it helps them to prepare for the exam.

Exam Voucher for SC-100 with 1 Retake

Get 40% OFF with the combo

SC-100 Microsoft Cybersecurity Architect Course

Udemy Introduction to Cloud Security with Microsoft
Pluralsight Managing Security Operations in Azure

SC-100 Microsoft Cybersecurity Practice Test

Whizlabs Exam QuestionsMicrosoft Security Analyst Practice Test
Udemy Practice Tests Security Operations Analyst Test
Amazon e-book (PDF) Microsoft Azure Security Infrastructure

Looking for SC-100 Dumps? Read This!

Using sc-100 exam dumps can get you permanently banned from taking any future Microsoft certificate exam. Read the FAQ page for more information. However, I strongly suggest you validate your understanding with practice questions.

Check out all the other Azure certificate study guides

Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.

Design a Zero Trust strategy and architecture (30–35%)

Build an overall security strategy and architecture

Identify the integration points in architecture by using Microsoft Cybersecurity Reference Architecture (MCRA)

Microsoft cybersecurity reference architectures

Cybersecurity Reference Architecture: Security for a hybrid enterprise

Translate business goals into security requirements

How to organize your security team?

Security governance

Translate security requirements into technical capabilities, including security services, security products, and security processes

Azure security

Security technical capabilities in Azure

Design security for a resiliency strategy

Define a security strategy

Integrate a hybrid or multi-tenant environment into a security strategy

Security in a hybrid workload

Develop a technical and governance strategy for traffic filtering and segmentation

Filter network traffic

Build a cloud governance strategy on Azure

Segmentation strategies

Implement network segmentation patterns

Design a security operations strategy

Design a logging and auditing strategy to support security operations

Designing your Azure Monitor Logs deployment

Azure security logging and auditing

Develop security operations to support a hybrid or multi-cloud environment

Protect multi-cloud environments with Azure Security Center

Protect multi-cloud workloads with Azure security innovations

Hybrid security monitoring with Sentinel

Design a strategy for SIEM and SOAR

Azure Sentinel: Make your SIEM SOAR like an eagle

Evaluate security workflows

Workflow automation in Microsoft Defender for Cloud

Evaluate a security operations strategy for incident management lifecycle

Azure Security Benchmark V2: Incident response

Evaluate a security operations strategy for sharing technical threat intelligence

Microsoft Security Best Practices: Security operations

Microsoft uses threat intelligence to protect, detect, & respond to threats

SC-200 Microsoft Operations Security Analyst

Amazon link (affiliate)

Design an identity security strategy

Note: includes hybrid and multi-cloud

Design a strategy for access to cloud resources

Design your cloud strategy to maximize value on Azure

Identity and access management

Recommend an identity store (tenants, B2B, B2C, hybrid)

Recommend an authentication strategy

Recommend an authorization strategy

Design a strategy for conditional access

Design a strategy for role assignment and delegation

Design security strategy for privileged role access to infrastructure including identity-based firewall rules, Azure PIM

Design security strategy for privileged activities including PAM, entitlement management,
cloud tenant administration

Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies (20–25%)

NOT: Information Protection or DLP

Design a regulatory compliance strategy

Interpret compliance requirements and translate into specific technical capabilities (new
or existing)

Evaluate infrastructure compliance by using Microsoft Defender for Cloud

Interpret compliance scores and recommend actions to resolve issues or improve security

Design implementation of Azure Policy

Design for data residency requirements

Translate privacy requirements into requirements for security solutions

Evaluate security posture and recommend technical strategies to manage risk

Evaluate security posture by using benchmarks (including Azure security benchmarks, ISO 2701, etc.)

Evaluate security posture by using Microsoft Defender for Cloud

Evaluate security posture by using Secure Scores

Evaluate security posture of cloud workloads

Design security for an Azure Landing Zone

Interpret technical threat intelligence and recommend risk mitigations

Recommend security capabilities or controls to mitigate identified risks

Design security for infrastructure (20–25%)

Design a strategy for securing server and client endpoints

Specify security baselines for server and client endpoints

Specify security requirements for servers, including multiple platforms and operating systems

Specify security requirements for mobile devices and clients, including endpoint protection, hardening, and configuration

Specify requirements to secure Active Directory Domain Services

Design a strategy to manage secrets, keys, and certificates

Design a strategy for secure remote access

Design a strategy for securing SaaS, PaaS, and IaaS services

Note: includes hybrid and multi-cloud

Specify security baselines for SaaS, PaaS, and IaaS services

Note to item writers: service configuration only, not in-product user security settings
Specify security requirements for IoT workloads

Specify security requirements for data workloads, including SQL, Azure SQL Database, Azure Synapse, and Azure Cosmos DB

Specify security requirements for web workloads, including Azure App Service

Specify security requirements for storage workloads, including Azure Storage

Specify security requirements for containers

Specify security requirements for container orchestration

Design a strategy for data and applications (20–25%)

Specify security requirements for applications

Specify priorities for mitigating threats to applications

Specify a security standard for onboarding a new application

Specify a security strategy for applications and APIs

Design a strategy for securing data

Specify priorities for mitigating threats to data

Design a strategy to identify and protect sensitive data

Specify an encryption standard for data at rest and in motion

This brings us to the end of the SC-100 Microsoft Cybersecurity Architect exam study guide.

What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you how your SC-100 exam preparation is going on!

In case you are preparing for other Azure certification exams, check out the Azure study guide for those exams.

Follow Me to Receive Updates on SC-100 Exam

Want to be notified as soon as I post? Subscribe to the RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.

Share the SC-100 Study Guide in Your Network

You may also like