Welcome to my SC-100 Exam Study Guide (Microsoft Cyber Security Architect exam). The purpose of the study guide is to help you study and gain the experience required to pursue and pass the SC-100 Exam and earn the Microsoft Certified: Cybersecurity Architect Expert certification. Below you will find various study materials and a solid study path to help you plan and take the SC-100 exam.
About the SC-100 Exam
The SC-100 Microsoft Cybersecurity Architect exam is aimed towards candidates who have a wide range of knowledge in different areas of Microsoft Security and are able to design and implement security solutions. You will also be expected to be familiar with both hybrid and cloud-only environments and implementations. The exam is an expert level exam so it is not deemed to be easy. You can read the full exam description on the Microsoft exam page here.
How hard is the SC-100 Exam?
The SC-100 exam is an expert level exam, aimed at those who have extensive experience securing Microsoft PaaS, IaaS and hybrid environments. By completing this exam (and 1 pre-requisite exam) you will earn the title of Microsoft Certified: Cybersecurity Architect Expert, so as you can see, Expert is in the name…
How long should you study for the SC-100 exam?
You should give yourself at least 1 month of solid study for this exam, whether or not you are well experienced in designing Azure security solutions. As mentioned above, the exam is deemed quite hard. Although in reality the exam does not go into heavy technical detail, you will still need a very good understanding of how Azure solutions integrate with security.
Aim for about 1.5 hours of study a day. If you miss any days within the month, carry them into the next month so you are not missing any study time, and only take the exam once you feel confident.
Are there labs in the SC-100 exam?
There are no labs in the SC-100 exam.
How to become a Microsoft Certified: Cybersecurity Architect Expert
Taking the SC-100 Microsoft Cybersecurity Architect exam is not the only requirement to becoming a Microsoft Certified: Cybersecurity Architect Expert. You must also pass one of the pre-requisite exams, of which there are 4 to choose from:
- Microsoft Certified: Security Operations Analyst Associate
- Microsoft Certified: Identity and Access Administrator Associate
- Microsoft Certified: Azure Security Engineer Associate
- Microsoft Certified: Security Administrator Associate
Microsoft Learn Paths and Resources
Microsoft Learn is one of the best places to start when it comes to studying. Microsoft has now released an official learning path for the SC-100 exam. I have compiled a collection of Microsoft Learn paths specifically for the SC-100 exam, and you can find a link to them below along with other resources:
Microsoft Docs: SC-100 Exam Study Guide
Design a Zero Trust strategy and architecture (30–35%)
Build an overall security strategy and architecture
- Identify the integration points in an architecture by using Microsoft Cybersecurity Reference Architecture (MCRA)
- Translate business goals into security requirements
- translate security requirements into technical capabilities, including security services, security products, and security processes
- design security for a resiliency strategy
- integrate a hybrid or multi-tenant environment into a security strategy
- develop a technical and governance strategy for traffic filtering and segmentation
Design a security operations strategy
- design a logging and auditing strategy to support security operations
- develop security operations to support a hybrid or multi-cloud environment
- design a strategy for SIEM and SOAR
- evaluate security workflows
- evaluate a security operations strategy for incident management lifecycle
- evaluate a security operations strategy for sharing technical threat intelligence
Design an identity security strategy
Note: includes hybrid and multi-cloud
- design a strategy for access to cloud resources
- recommend an identity store (tenants, B2B, B2C, hybrid)
- recommend an authentication strategy
- recommend an authorization strategy
- design a strategy for conditional access
- https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access
- https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common
- https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-continuous-access-evaluation
- design a strategy for role assignment and delegation
- design security strategy for privileged role access to infrastructure including identity-based firewall rules, Azure PIM
- design security strategy for privileged activities including PAM, entitlement management, cloud tenant administration
Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies (20–25%)
NOT: Information Protection or DLP
Design a regulatory compliance strategy
- interpret compliance requirements and translate into specific technical capabilities (new or existing)
- evaluate infrastructure compliance by using Microsoft Defender for Cloud
- interpret compliance scores and recommend actions to resolve issues or improve security
- design implementation of Azure Policy
- design for data residency requirements
- translate privacy requirements into requirements for security solutions
Evaluate security posture and recommend technical strategies to manage risk
- evaluate security posture by using benchmarks (including Azure security benchmarks, ISO 2701, etc.)
- evaluate security posture by using Microsoft Defender for Cloud
- evaluate security posture by using Secure Scores
- evaluate the security posture of cloud workloads
- design security for an Azure Landing Zone
- interpret technical threat intelligence and recommend risk mitigations
- recommend security capabilities or controls to mitigate identified risks
Design security for infrastructure (20–25%)
Design a strategy for securing server and client endpoints
- specify security baselines for server and client endpoints
- specify security requirements for servers, including multiple platforms and operating systems
- specify security requirements for mobile devices and clients, including endpoint protection, hardening, and configuration
- specify requirements to secure Active Directory Domain Services
- design a strategy to manage secrets, keys, and certificates
- design a strategy for secure remote access
- https://docs.microsoft.com/en-us/azure/active-directory-domain-services/secure-remote-vm-access#:~:text=To%20secure%20remote%20access%20to,access%20through%20the%20RDS%20environment.
- https://docs.microsoft.com/en-us/azure/security/fundamentals/management
- https://azure.microsoft.com/en-us/services/azure-bastion/#overview
- https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/vpn-gateway-security-baseline
Design a strategy for securing SaaS, PaaS, and IaaS services
Note: includes hybrid and multi-cloud
- specify security baselines for SaaS, PaaS, and IaaS services
Note to item writers: service configuration only, not in-product user security settings
- specify security requirements for IoT workloads
- specify security requirements for data workloads, including SQL, Azure SQL Database, Azure Synapse, and Azure Cosmos DB
- specify security requirements for web workloads, including Azure App Service
- specify security requirements for storage workloads, including Azure Storage
- specify security requirements for containers
- specify security requirements for container orchestration
- https://docs.microsoft.com/en-us/azure/container-instances/container-instances-orchestrator-relationship
- https://docs.microsoft.com/en-us/azure/architecture/microservices/design/orchestration
Design a strategy for data and applications (20–25%)
Specify security requirements for applications
- specify priorities for mitigating threats to applications
- https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-access-management
- https://docs.microsoft.com/en-us/azure/security/fundamentals/threat-detection
- https://docs.microsoft.com/en-us/azure/security/fundamentals/network-overview
- https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity
- specify a security standard for onboarding a new application
- specify a security strategy for applications and APIs
Design a strategy for securing data
- specify priorities for mitigating threats to data
- design a strategy to identify and protect sensitive data
- specify an encryption standard for data at rest and in motion
Summary
Thank you for taking the time to read my SC-100 exam study guide. Hopefully now by the end of this guide you should be well prepared to pass the SC-100 Microsoft Cybersecurity Architect exam. If you have questions please leave them below and I will do my best to respond asap.
Thanks, Really appreciate