Microsoft Certified: Cloud and AI Security Engineer Associate Questions and Answers
200 questions organized by topic with detailed explanations
Microsoft
SC-500
200 questions
4 topics
Updated May 2026Manage identity, access, and governance
48 questions12 easy24 medium12 hard~24% of exam
An organization is moving away from AD FS and wants cloud authentication that still lets users sign in to cloud apps if ...A company wants to invite a partner user to collaborate in its tenant as a guest account. Which Microsoft Entra capabili...A partner organization sends a list of 500 guest users who all need access next week. Which approach best fits this requ...
Secure storage, databases, and networking
58 questions18 easy28 medium12 hard~29% of exam
A call center application should hide most of a customer's email address from nonprivileged users, but the actual values...You want Azure Storage to use a customer-managed key stored in Azure Key Vault. Which configuration is required on the k...Two inbound network security group rules match the same traffic. Which rule is processed first?
Secure compute
48 questions8 easy24 medium16 hard~24% of exam
A platform team wants per-project token limits and governance for model requests in Microsoft Foundry. Which feature sho...A security lead wants one Defender for Cloud view for AI discovery, AI threat protection, and attack paths tied to data ...You want applications and users to connect to Azure SQL by using Microsoft Entra identities. What must be configured fir...
Manage and monitor security posture
46 questions14 easy24 medium8 hard~23% of exam
A Key Vault firewall is enabled and a user can browse to the vault in the Azure portal but can't list secrets. What best...A policy assignment uses the deployIfNotExists effect to add a missing diagnostic setting to existing resources. What ad...A security team wants to understand the effect of a new Azure Policy before it starts blocking deployments. Which effect...
All Questions
| # | Question | Topic | Difficulty |
|---|---|---|---|
| 1 | A Key Vault firewall is enabled and a user can browse to the vault in the Azure portal but can't lis... | Manage and monitor security posture | medium |
| 2 | A policy assignment uses the deployIfNotExists effect to add a missing diagnostic setting to existin... | Manage and monitor security posture | hard |
| 3 | A call center application should hide most of a customer's email address from nonprivileged users, b... | Secure storage, databases, and networking | medium |
| 4 | You want Azure Storage to use a customer-managed key stored in Azure Key Vault. Which configuration ... | Secure storage, databases, and networking | medium |
| 5 | Two inbound network security group rules match the same traffic. Which rule is processed first? | Secure storage, databases, and networking | easy |
Sign in to see all 200 questions
Create a free account to browse all questions — completely free during our launch phase.
Ready to test your knowledge?
Take a full Microsoft Certified: Cloud and AI Security Engineer Associate practice test with timed exam simulation.
Start Practice Test