SC-100 Study App for iOS — Microsoft Cybersecurity Architect
Get exam-ready for SC-100 (Microsoft Cybersecurity Architect Expert) on iPhone or iPad. Azure Mastery uses on-device AI to predict your readiness score across all four SC-100 domains, build a personalised study plan from your weak spots, and surface topics you're forgetting — all without sending a single byte off your device.
The exam
What is the SC-100 exam?
SC-100 is the Microsoft Certified: Cybersecurity Architect Expert credential — the most senior security cert in Microsoft's track. It's the credential hiring managers expect for "Cybersecurity Architect", "Lead Security Engineer", or "Cloud Security Architect" roles. SC-100 builds on at least one Associate-level prerequisite — most commonly AZ-500, but SC-200, SC-300, or MS-500 also satisfy the requirement.
SC-100 is design-oriented and trade-off-heavy. Unlike Associate exams that test individual-service knowledge, SC-100 tests architectural reasoning: pick the right strategy under real-world constraints. It validates that you can apply the Microsoft Cybersecurity Reference Architecture (MCRA), design a Zero Trust strategy and a ransomware-resilience stance, build SecOps strategies around Microsoft Sentinel and Defender XDR, design identity strategies in Microsoft Entra (Conditional Access, PIM, Identity Governance), design infrastructure security spanning endpoints / servers / containers / networks / keys, and design application and data security including DevSecOps. Expect scenario questions where multiple answers could work — the right answer is the one that best satisfies the constraints.
Microsoft updated the SC-100 skills outline on 27 April 2026. Every question in Azure Mastery's SC-100 bank is mapped to the current outline — no leftover questions on retired services. Read the official outline at learn.microsoft.com.
Questions40–60 multiple choice
Duration120 minutes (140 min seat)
Pass score700 / 1000
CostUSD $165 (≈ £128 UK)
ValidityRenew annually (Expert)
FormatOnline or test centre
Skills measured · April 2026
SC-100 exam objectives
Four domains, with weights set by Microsoft's April 2026 update. Every domain summary below is paraphrased from the official skills outline; bullet-level objectives in Azure Mastery are tagged so you always know which domain you're being tested on and where your weak spots cluster.
Design solutions that align with security best practices and priorities20–25%
The strategy layer. Apply the Microsoft Cybersecurity Reference Architecture (MCRA), the Microsoft Cloud Security Benchmark, and the Cloud Adoption Framework (CAF) Secure baseline. Design a Zero Trust strategy across identities, endpoints, networks, applications, and data. Design ransomware-resilience patterns and a recovery strategy. Map architectural choices to regulatory compliance requirements (HIPAA, PCI-DSS, GDPR). Around 8–15 questions per sitting.
Design security operations, identity, and compliance capabilities25–30%
Tied for the largest domain. Design a SecOps strategy with Microsoft Sentinel (analytics rules, automation, hunting) and Microsoft Defender XDR. Design an identity strategy for hybrid and multi-cloud — Microsoft Entra ID, Conditional Access, Privileged Identity Management, Identity Governance, federation. Design a compliance strategy with Microsoft Purview (Information Protection, DLP, Insider Risk, Communication Compliance, Compliance Manager). Around 10–18 questions.
Design security solutions for infrastructure25–30%
Tied for the largest domain. Design endpoint and server security (Defender for Endpoint, Defender for Servers, secure baselines), Azure / multi-cloud / hybrid postures (Defender for Cloud, Azure Arc, Defender CSPM). Design network security (segmentation, perimeter, private connectivity), key and secret management strategy (Azure Key Vault, customer-managed keys, HSMs), secure remote access (Bastion, JIT VM access). Container and Kubernetes security (Defender for Containers, AKS hardening). Around 10–18 questions.
Design security solutions for applications and data20–25%
Application security strategy — secure-by-design SDL, DevSecOps and supply-chain security (Defender for DevOps), threat modelling, secrets management. Data security strategy — Microsoft Purview Information Protection, sensitivity labels, encryption choices for SQL / Cosmos / Storage, data residency considerations. Around 8–15 questions.
Designed for SC-100
How Azure Mastery helps you pass SC-100
Azure Mastery ships with 307 SC-100 practice questions, every one written specifically against the current (April 2026) skills outline — not generic security trivia. Each question carries a domain tag mapped to the official four domains (best practices and priorities, security operations / identity / compliance capabilities, infrastructure security, applications and data security), so you always know which area you're being tested on and where your weak spots are clustered. SC-100 questions favour multi-constraint scenarios over single-service recall — you'll see a customer requirement, a regulatory constraint, and a technical limitation, and pick the best architectural answer.
The on-device Exam IQ engine predicts your SC-100 score before you sit the exam. After roughly 30 questions it has enough signal to give a confidence-scored prediction (e.g. "708 ±60, 68% confidence") — and tells you the specific topics that are dragging your readiness down. No vague "study more" advice; just a ranked list of objectives where improvement would move your score the furthest.
The adaptive study plan rebuilds itself from your answer history. Miss a Zero-Trust strategy scenario? You'll see another Zero-Trust question in the next session. Master "Defender for Cloud vs Defender XDR strategy" three sessions running and the engine backs off, surfacing fresh DevSecOps or Purview design scenarios. The plan optimises for the gap between where you are and the 700 pass score, not for blind volume.
Knowledge decay tracking matters more for SC-100 than for foundational exams — Expert-level architecture spans four broad domains and dozens of Microsoft security products, and the strategy you mastered three weeks ago is the strategy you'll forget by exam day if you stop revising. Azure Mastery tracks every topic's decay curve and flags topics approaching expiry. The padlock icon on the Today screen is your "revisit before you forget" cue, and weak-spot drills automatically pull from decayed topics first.
Real exam simulation mode runs at SC-100's actual length and time pressure: a randomised 40–60-question set drawn from the full 307-question bank, weighted by domain percentages from the April 2026 outline, with the 120-minute timer running and no jumping back to flag-and-review. It's the closest you can get to the live Pearson VUE / online-proctored experience without sitting the exam.
Everything runs on-device. Your answer history, your readiness gauge, your decay alerts — none of it leaves your iPhone or iPad. No account required to start, no tracking, no sync server. Privacy-first by design.
6-week study plan
Suggested SC-100 study plan
Most candidates pass SC-100 after six to ten weeks of focused study, assuming a passed Associate prereq. The six-week plan below maps onto the four SC-100 domains, Azure Mastery's adaptive sessions, and the in-app exam simulator. Adjust pace to taste — the readiness gauge tells you when you're done, not the calendar.
Strategy and capabilities
Days 1–3: Microsoft Cybersecurity Reference Architecture (MCRA), Microsoft Cloud Security Benchmark, Cloud Adoption Framework Secure baseline.
Days 4–6: Zero Trust strategy across identities, endpoints, networks, applications, data. Ransomware-resilience patterns and recovery strategy.
Days 7–9: Regulatory compliance design (HIPAA, PCI-DSS, GDPR, sovereign cloud constraints), risk assessment frameworks.
Days 10–14: SecOps strategy with Microsoft Sentinel and Defender XDR, identity strategy with Microsoft Entra (Conditional Access, PIM, Identity Governance), compliance strategy with Microsoft Purview.
Infrastructure and workload security
Days 15–17: Endpoint and server security strategy — Defender for Endpoint, Defender for Servers, secure baselines, multi-cloud and hybrid via Azure Arc.
Days 18–20: Network security strategy — segmentation, perimeter, private connectivity, Defender for Cloud network maps.
Days 21–23: Key and secret management strategy (Key Vault, customer-managed keys, HSMs), secure remote access (Bastion, JIT VM access).
Days 24–28: Container and Kubernetes security (Defender for Containers, AKS hardening, image scanning, supply chain).
Apps, data, sharpen, simulate
Days 29–32: Application security strategy — secure-by-design SDL, DevSecOps and supply-chain security (Defender for DevOps), threat modelling.
Days 33–36: Data security strategy — Microsoft Purview Information Protection, sensitivity labels, encryption choices for SQL/Cosmos/Storage, data residency.
Days 37–40: Run Focus Weak Spots every morning. SC-100 emphasises trade-off reasoning — re-read scenarios you missed and articulate why each distractor is wrong.
Days 41–42: Two end-to-end Exam Simulator runs at full 120-minute length. Review carefully. If readiness gauge is 750+ with reasonable confidence, schedule the exam.
Inside the app
Every Microsoft question type, on iPhone
SC-100's question bank uses the same formats Microsoft puts on the live exam — not just multiple choice. Each visualisation below is a faithful mock of how the type renders inside Azure Mastery on iPhone and iPad. Exam-simulator mode runs all of them at full 100-minute length with no flag-and-review jumps, mirroring Pearson VUE.
Which Azure compute service is best for event-driven container workloads?
Azure Functions
Azure Container Apps
Azure Service Bus
Azure App Service
Multiple choice
One correct answer from four to six options. The most common type on every Azure exam — practical recall of services, settings, and limits.
~50% of questions
Select two services that support point-in-time restore.
Azure SQL Database
Azure Service Bus
Azure Cosmos DB
Azure Functions
Multi-select
Pick two or more correct answers from a list. Microsoft tells you exactly how many to choose. Partial credit not awarded — you need every selection right.
All-or-nothing
Order the steps to deploy a Bicep template.
⋮⋮1Create resource group
⋮⋮2az bicep build
⋮⋮3az deployment group create
⋮⋮4Verify outputs
Drag-and-drop
Arrange items into the correct sequence — deployment steps, the order operations occur in a pipeline, troubleshooting flows. Long-press to drag on touch.
Order matters
Tap the setting that enables soft delete on this storage account.
Hotspot
Tap the correct area of an image — the right setting in a portal screenshot, the right resource in a topology diagram. Practical visual recall under time pressure.
Tap target
Contoso Ltd needs to migrate 40 VMs from on-premises to Azure with an RTO of four hours and zero data loss…
1Which migration tool meets the RTO?
2What backup tier is required?
3Which network design supports failover?
4How should they configure RBAC?
Case studies
A multi-paragraph scenario followed by 4–6 linked questions. Common on SC-100 in the storage and identity domains; dominant on AZ-305 and AZ-400.
Multi-question
✕Your answer: Azure Service Bus
✨ Why wrong:Service Bus is for enterprise messaging with FIFO & transactions. The scenario specifies massive event ingestion at high throughput — Event Hubs is the right primitive…
— generated on-device by Apple Foundation Model
Why Wrong AI
An Azure Mastery exclusive. When you answer incorrectly, an on-device Apple Foundation Model writes a targeted explanation grounded in the correct rationale. Never leaves your device.
App exclusive
Frequently asked
SC-100 FAQs
How much does the SC-100 exam cost?
The SC-100 voucher is USD $165 in the United States. Pricing varies by region — in the UK it's typically around £128. Microsoft sometimes runs free-voucher promotions during events such as Microsoft Build or Microsoft Ignite, so check your Microsoft Learn profile for any active offers before booking. SC-100 also requires annual renewal (free, online), so factor that into long-term cost planning.
Does the SC-100 certification expire?
Yes. Microsoft Associate certifications including SC-100 expire annually. Renewal is free — a 25–30 question online assessment on Microsoft Learn within the six-month window before your expiration date. The renewal targets recent skills outline updates, so staying current is straightforward if you remain broadly active in the role. (Fundamentals certifications such as AZ-900 are different — those don't expire.)
What is the SC-100 retake policy if I fail?
The first retake is allowed after 24 hours. Second and third retakes each require a 14-day wait. Microsoft caps retakes at five attempts per 12-month rolling period. Each attempt requires a new voucher purchase.
How long should I study for SC-100?
Most candidates pass SC-100 after six to ten weeks of focused study, assuming an Associate-level prerequisite is already passed. SC-100 is design-oriented, so much of the prep is reading and pattern recognition rather than command memorisation — practice scenario reasoning until you can articulate why each distractor is wrong. Azure Mastery's readiness gauge tells you when you're at exam-ready; don't book until it shows roughly 720 or higher with reasonable confidence.
What's the SC-100 prerequisite?
SC-100 requires a passed Associate-level Microsoft security cert before you can earn the Cybersecurity Architect Expert credential. Microsoft accepts AZ-500, SC-200, SC-300, or MS-500 as the prereq. You can sit SC-100 without one, but the credential is only awarded after both are passed. Most candidates take AZ-500 first if their work is Azure-centric, or SC-200 if their day job is SOC operations.
SC-100 vs AZ-305 — which next for an architect?
Different architectural lenses. SC-100 is the security architect cert — design Zero Trust, ransomware resilience, SecOps strategy, identity governance. AZ-305 is the solutions architect cert — design data, infrastructure, business continuity, and identity/governance/monitoring. The two overlap on identity and governance design, but SC-100 goes much deeper on security and AZ-305 covers a broader Azure surface. Many senior architects hold both.
Where SC-100 fits
Certification paths that include SC-100
SC-100 is the Microsoft Cybersecurity Architect Expert cert — the senior credential in the security track. It requires one passed Associate prereq (AZ-500, SC-200, SC-300, or MS-500) and is the recommended terminal cert for senior security architects. Tap any linked exam below to see its dedicated study app page.
SC-100 is the senior security cert. AZ-500 is the most common Associate prereq; SC-200 / SC-300 are equally valid prereqs for SecOps and Identity Admin specialists. SC-900 builds the cross-cutting Microsoft security vocabulary if security is new to you.
Ready to pass SC-100?
Download Azure Mastery free. 307 SC-100 practice questions across all four domains, AI score prediction, full-length exam simulator, adaptive study plan. iPhone & iPad.
