SC-100 Study Guide: Microsoft Cybersecurity Architect


Are you preparing for the SC-100 Microsoft Cybersecurity Architect certification? This study guide shares how to prepare for and pass the SC-100: Microsoft Certified Cybersecurity Architect Expert exam successfully (with links to exam objectives).

The increase in cyber security issues in the press seems relentless. Organizational leaders in all types of industries are looking for capable cybersecurity architects to navigate them safely through the dangers of this highly connected world.

Introduction

Microsoft keeps evolving its learning programs to help you and your career keep pace with today’s demanding IT environments. The new, updated role-based certifications will help you to keep pace with today’s business requirements. Microsoft Learning is constantly evolving its learning program to better offer what you need to skill up, prove your expertise to employers and peers, and get the recognition and opportunities you’ve earned.

After last year’s announcement of the new certification exams that focus on Security, Compliance, and Identity (SCI) solutions, Microsoft Learning announced a new certification exam to complement the security learning path by introducing the new Microsoft Cybersecurity Architect Expert certification, which expands the Azure training and certification portfolio.

To obtain the Cybersecurity Architect Expert certification, you need to pass the new SC-100 exam (this study guide) and ONLY ONE of the following four prerequisite security exams:

> Option 1: Exam SC-200: Microsoft Security Operations Analyst.

> Option 2: Exam SC-300: Microsoft Identity and Access Administrator.

> Option 3: Exam AZ-500: Microsoft Azure Security Technologies.

> Option 4: Exam MS-500: Microsoft 365 Security Administration.

Here is the entire path to follow to earn the new Microsoft Certified: Cybersecurity Architect Expert certification:

Microsoft Certified: Cybersecurity Architect Expert

SC-100 Exam Preparation

How do you prepare for the SC-100 exam?

While preparing to take this exam myself, I would like to share with you how to prepare for and pass the SC-100: Microsoft Cybersecurity Architect exam successfully. To prepare for this exam, I usually use a couple of online resources, mainly Microsoft Docs, Microsoft Learn, and Training Labs, which I am going to share with you in the next section.

The exam is available on April 7, 2022, in the Beta phase at the time of this writing. Beta exams are not scored immediately because Microsoft is gathering data on the quality of the questions and the exam. I will update this article as soon as I get the exam results from Microsoft.

Since the SC-100 Exam (Beta) won’t be released until April 7, 2022, you can start preparing for it now and get ready.

Updated on 05/05/2022: In this exam, I got around 48 questions in total with 2 case studies, 2 sections with Yes/No answers, and no lab questions since it’s an architect and design level exam. The total time for this exam is 120 minutes (2 hours). The exam is long, so you need to manage your time and prepare very well. The questions do pretty much match the list of skills measured below.

Exam Target Audience

The Microsoft cybersecurity architect has subject matter expertise (SME) in designing and evolving the cybersecurity strategy to protect an organization’s mission and business processes across all aspects of the enterprise architecture. The cybersecurity architect designs a Zero Trust strategy and architecture, including security strategies for data, applications, access management, identity, and infrastructure. The cybersecurity architect also evaluates Governance Risk Compliance (GRC) technical strategies and security operations strategies.

The cybersecurity architect continuously collaborates with leaders and practitioners in IT security, privacy, and other roles across an organization to plan and implement a cybersecurity strategy that meets the business needs of an organization.

To prepare for this certification, you should have advanced experience and knowledge in a wide range of security engineering areas including identity and access management (IAM), platform protection, security operations, securing data, and securing applications. You should also have experience with hybrid and cloud implementations.

Please note that to prepare for and take the SC-100 exam, I highly recommend studying for and passing one of the following four prerequisite exams before you sit the SC-100 exam:

> Exam SC-200: Microsoft Security Operations Analyst.
> Exam SC-300: Microsoft Identity and Access Administrator.
> Exam AZ-500: Microsoft Azure Security Technologies.
> Exam MS-500: Microsoft 365 Security Administration.

Prerequisites

This is the first expert-level certification that Microsoft released in the Security, Compliance, and Identity portfolio. Expert-level certifications target higher-level skills than their associate/fundamental-level counterparts, which may focus on your ability to implement or configure various cloud services. This certification will focus on designing elements of a cybersecurity architecture and evaluating the tradeoffs between different solutions.

As a prerequisite for this exam, you should already have advanced experience and knowledge in a wide range of security engineering areas including identity and access management, platform protection, security operations, securing data, and securing applications.

You are also an excellent candidate for this Cybersecurity Architect certification if you have experience with hybrid and cloud implementations.

Skills measured on this exam

This exam measures your ability to design, integrate and develop a security strategy for your organization based on the topics listed below.

I have curated a list of articles from Microsoft documentation based on the latest update from Microsoft Learning for the SC-100 exam. Please share this study guide within your circles so it helps them to prepare for the exam.

Design a Zero Trust strategy and architecture (30–35%)

Build an overall security strategy and architecture

 Identify the integration points in architecture by using Microsoft Cybersecurity Reference Architecture (MCRA)

 Translate business goals into security requirements

 Translate security requirements into technical capabilities, including security services, security products, and security processes

 Design security for a resiliency strategy

 Integrate a hybrid or multi-tenant environment into a security strategy

 Develop a technical and governance strategy for traffic filtering and segmentation

Design a security operations strategy

 Design a logging and auditing strategy to support security operations

 Develop security operations to support a hybrid or multi-cloud environment

 Design a strategy for SIEM and SOAR

 Evaluate security workflows

 Evaluate a security operations strategy for incident management lifecycle

 Evaluate a security operations strategy for sharing technical threat intelligence

Design an identity security strategy (includes hybrid and multi-cloud)

 Design a strategy for access to cloud resources

 Recommend an identity store (tenants, B2B, B2C, hybrid)

 Recommend an authentication strategy

 Recommend an authorization strategy

 Design a strategy for conditional access

 Design a strategy for role assignment and delegation

 Design security strategy for privileged role access to infrastructure including identity-based firewall rules, Azure PIM

 Design security strategy for privileged activities including PAM, entitlement management, cloud tenant administration

Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies (20–25%)

NOT: Information Protection or Data loss prevention (DLP)

Design a regulatory compliance strategy

 Interpret compliance requirements and translate them into specific technical capabilities (new or existing)

 Evaluate infrastructure compliance by using Microsoft Defender for Cloud

 Interpret compliance scores and recommend actions to resolve issues or improve security

 Design implementation of Azure Policy

 Design for data residency requirements

 Translate privacy requirements into requirements for security solutions

Evaluate security posture and recommend technical strategies to manage risk

 Evaluate security posture by using benchmarks (including Azure security benchmarks, ISO 27001, etc.)

 Evaluate security posture by using Microsoft Defender for Cloud

 Evaluate security posture by using Secure Scores

 Evaluate the security posture of cloud workloads

 Design security for an Azure Landing Zone

 Interpret technical threat intelligence and recommend risk mitigations

 Recommend security capabilities or controls to mitigate identified risks

Design security for infrastructure (20–25%)

Design a strategy for securing server and client endpoints

 Specify security baselines for server and client endpoints

 Specify security requirements for servers, including multiple platforms and operating systems

 Specify security requirements for mobile devices and clients, including endpoint protection, hardening, and configuration

 Specify requirements to secure Active Directory Domain Services

 Design a strategy to manage secrets, keys, and certificates

 Design a strategy for secure remote access

Design a strategy for securing SaaS, PaaS, and IaaS services (includes hybrid and multi-cloud)

 Specify security baselines for SaaS, PaaS, and IaaS services

Note to item writers: service configuration only, not in-product user security settings

 Specify security requirements for IoT workloads

 Specify security requirements for data workloads, including SQL, Azure SQL Database, Azure Synapse, and Azure Cosmos DB

 Specify security requirements for web workloads, including Azure App Service

 Specify security requirements for storage workloads, including Azure Storage

 Specify security requirements for containers

 Specify security requirements for container orchestration

Design a strategy for data and applications (20–25%)

Specify security requirements for applications

 Specify priorities for mitigating threats to applications

 Specify a security standard for onboarding a new application

 Specify a security strategy for applications and APIs

Design a strategy for securing data

 Specify priorities for mitigating threats to data

 Design a strategy to identify and protect sensitive data

 Specify an encryption standard for data at rest and in motion

Microsoft Learn – Study Resources

To prepare for this exam, I use the new Microsoft Learn, a great resource that provides self-paced skills training on a variety of Azure security topics.

I highly recommend checking the following modules including the ones from the SC-200 Microsoft Security Operations Analyst and the SC-300 Microsoft Identity and Access Administrator.

> SC-200: Mitigate threats using Microsoft Defender for Endpoint (10 modules)
> SC-200: Mitigate threats using Microsoft 365 Defender (8 modules)
> SC-200: Mitigate threats using Microsoft Defender for Cloud (5 modules)
> SC-200: Configure your Microsoft Sentinel environment (5 modules)

> SC-300: Implement an identity management solution (4 modules)
> SC-300: Implement an Authentication and Access Management solution (4 modules)
> SC-300: Implement Access Management for Apps (3 modules)
> SC-300: Plan and implement an identity governance strategy (4 modules)

> Learn: Build a cloud governance strategy on Azure
> Learn: Improve your cloud security posture with Microsoft Defender for Cloud
> Learn: Use a framework to identify threats and find ways to reduce or eliminate the risk
> Learn: Secure your Azure Storage account
> Learn: Secure your cloud apps and services with Microsoft Defender for Cloud Apps

SC-100 Learning Path

Updated on 13/05/2022 – The Microsoft learning team just put together a learning path for the SC-100 exam. The Learn path is a set of modules that are repurposed from other exams such as the AZ-500 and the SC-200; it’s a learning path pulled together in a structured way to help you focus on these topics.

I highly recommend checking the following modules:

1) AZ-500 part 1: Manage Identity and Access (5 Modules).
2) AZ-500 part 2: Implement platform protection (4 Modules).
3) AZ-500 part 3: Secure your data and applications (4 Modules).
4) SC-200: Mitigate threats using Microsoft Defender for Endpoint (10 Modules).
5) SC-200: Mitigate threats using Microsoft Defender for Cloud (5 Modules).
6) SC-200: Configure your Microsoft Sentinel environment (5 Modules).

Videos

If you are interested in preparing for this exam using video training, then I highly recommend checking the following resources:

> Microsoft: Cybersecurity Reference Architectures (YouTube playlist).

> Pluralsight: Managing Security Operations in Microsoft Azure.

> LinkedIn Learning: Microsoft Azure Security Technologies (AZ-500): Manage Security Operations.

> LinkedIn Learning: Microsoft Identity and Access Administrator (SC-300).

I will keep updating this article as soon as I have new materials such as videos, practice tests, and the official instructor-led training.

Lessons Learned

I think there is a perception that Architecture is “just drawing” on a whiteboard; however, this exam really went into lots of topics around tooling, strategy, Zero Trust, and Security Operations.

Read, read, and read… I cannot stress enough that understanding all the security concepts in Microsoft 365 Defender, Azure, and Azure AD will help you to pass this exam. The key to success in passing this exam is to work with Azure security solutions on a regular basis, especially Microsoft Defender for Cloud and Azure AD.

The biggest subjects and topics that I saw on the SC-100 exam are the following:

  • Azure Active Directory (Azure AD)
    • Privileged Identity Management (PIM)
    • Identity Governance / Access Packages / Access Reviews
  • Azure Active Directory Domain Services (Azure AD DS)
  • Zero Trust / Azure Landing Zone security
  • Azure AD Application Proxy
  • Azure Bastion
  • Azure Policy
  • Secure Azure Storage accounts
    • Shared access signature (SAS)
    • Blob public access / Storage account key access
    • Customer-managed keys for Azure Storage encryption
  • Azure SQL / Azure SQL Managed Instance Security
    • Dynamic data masking
    • Encrypt a Column of Data
    • Data encryption with customer-managed keys
  • Private Endpoints
  • Microsoft Sentinel
    • Send Sentinel logs to Splunk
    • Manage Microsoft Sentinel workspaces at scale with Azure Lighthouse
    • Workspace region and compliance considerations
  • Microsoft 365 Defender
  • Microsoft Defender for Cloud Apps
  • Microsoft Defender for Endpoint
    • Web content filtering
  • Microsoft Defender for Cloud
    • Secure Storage Accounts
    • Vulnerability assessment
    • Security Recommendations (Restrict unauthorized network access / Enable endpoint protection)
    • Regulatory Compliance (ISO 27001:2013)
    • Defender for Servers
    • Defender for Containers
    • Protect AWS EC2 instances
  • Secure Web Apps (App Service) with Azure Front Door
  • Secure access to CosmosDB from App Service
  • Azure Application Gateway v2 with Web Application Firewall (WAF)

Overall, I think Microsoft Worldwide Learning is doing a good job of gradually shaping these exams to reflect real-world Azure security best practice scenarios. The SC-100 exam is logically organized and focused solely on security and design using Microsoft 365 Defender, Microsoft Sentinel, Microsoft Defender for Cloud, Azure AD identity protection, and Azure Security in general.

Schedule SC-100 Exam

Updated – 07/04/2022: Microsoft launched the SC-100 exam in beta mode. If you would like to take the beta exam and receive the 80% discount* (first 300 people), use the code below when prompted for payment. This is not a private access code.

SC100ARCH

You must register for the exam on or before May 5th, 2022. The seats are offered on a first-come, first-served basis. Please note that this beta exam is NOT available in Turkey, Pakistan, India, or China.

Once you are ready, click Schedule exam here and take it online from the comfort of your home/office with proctor supervision.

Exam SC-100: Microsoft Cybersecurity Architect

Other Microsoft Azure Exam Study Guides

Are you interested in another Azure certification exam? I highly encourage you to check out the following Azure exam study guides:

If you are planning to take the SC-100 exam… I wish you all the best and Happy Studying!!!

Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-


11 thoughts on “SC-100 Study Guide: Microsoft Cybersecurity Architect”


  1. Thank you Konstantin for your comment and for sharing your feedback, much appreciated!
    I am so happy and grateful to hear that the materials shared here were helpful to you.
    Good luck with the results!
    All the best,

  2. Hi Charbel, this is a fantabulous and eye-opening blog. Very insightful, helpful, and guiding professionals in the right way. Much appreciate your efforts.
    Which third-party training program would you suggest for SC 100 apart from Microsoft Docs and videos? For instance, would you say Pluralsight or something else?

  3. Hello Sathya, thanks for the comment and feedback, much appreciated!
    At the time of this writing, there is no third-party training program that released an official training for the SC-100 exam.
    However, I would pick one of the well-known third-party providers such as LinkedIn, Microsoft Press, and Pluralsight.
    Additionally, I am preparing for live training for the SC-100 exam in August 2022, you can register here if you are interested, it will open soon for registration. Stay Tuned!
    Thank You!
