Question 4 - Microsoft Cybersecurity SC-100 Real Exam Questions [March 2026 Update]

Q: 4

Your company has on-premises Microsoft SQL Server databases. The company plans to move the databases to Azure. You need to recommend a secure architecture for the databases that will minimize operational requirements for patching and protect sensitive data by using dynamic data masking. The solution must minimize costs. What should you include in the recommendation?

Options

Discussion

Luna Mar 1, 2026 6:51 pm

C. Azure SQL Database

Sam Feb 23, 2026 9:19 am

C , saw similar logic in the official guide and practice questions for SC-100.

Jason U. Feb 26, 2026 8:30 pm

A tbh. I've seen similar exam questions pick A, since Managed Instance handles patching and supports masking too.

Alex Z. Feb 21, 2026 2:36 pm

Not A, C. Managed Instance adds cost and you only need database-level features here.

Sam P. Feb 16, 2026 8:39 am

C, easy call here

ThoughtfulReviewer1700 Mar 2, 2026 2:09 am

Adam B. Feb 26, 2026 11:48 am

Option C for me. SQL Database keeps patching simple, has DDM built in, plus it's cheapest overall. Pretty sure that's what they're looking for here.

FocusedAnalyst6738 Mar 3, 2026 11:30 am

C tbh, had something like this in a mock. Azure SQL Database covers patching and data masking with less effort or cost than the other options.

HelpfulSec9381 Feb 28, 2026 1:03 am

C , Azure SQL Database makes patching hands-off and supports dynamic data masking natively. Managed Instance (A) is more expensive and really only needed for full instance-level features, which the question doesn't mention. Saw this same logic in Microsoft official docs and a few practice tests.

Jack J. Mar 4, 2026 11:06 pm

A but what if you need agent jobs or full instance-level features? Managed Instance cuts down patching too.

Be respectful. No spam.

Correct Answer:

Explanation

Azure SQL Database is a fully managed Platform as a Service (PaaS) offering. This model abstracts the underlying infrastructure, meaning Microsoft handles all patching and updates automatically, which directly fulfills the requirement to minimize operational requirements. It natively supports security features like Dynamic Data Masking to protect sensitive data. For migrating individual or groups of databases without complex instance-level dependencies, Azure SQL Database is generally the most cost-effective solution compared to other PaaS options like Azure SQL Managed Instance, thus meeting all the specified criteria.

Why Incorrect

A. Azure SQL Managed Instance: While it is a PaaS service that automates patching and supports dynamic data masking, it is typically more expensive than Azure SQL Database and is designed for migrations requiring instance-level features.

B. Azure Synapse Analytics dedicated SQL pools: This service is optimized for large-scale data warehousing and analytics, not for general-purpose transactional databases. It is an unnecessarily complex and costly option for this scenario.

D. SQL Server on Azure Virtual Machines: This is an Infrastructure as a Service (IaaS) solution. It requires the customer to manage and perform all patching for both the operating system and SQL Server, directly contradicting the requirement to minimize operational effort.

References

1. Microsoft Learn

"Choose an Azure SQL option": This document compares the Azure SQL offerings. It states that Azure SQL Database is a "fully managed SQL database" where "Microsoft is responsible for all patching and updating of the SQL code base". It also positions SQL Database as having the "Lowest cost in PaaS". For SQL Server on Azure VMs

it explicitly lists "OS and SQL Server patching" as a customer responsibility.

Reference Section: "Compare the options" table.

2. Microsoft Learn

"What is Azure SQL Database?": This document describes the service

stating it is a "fully managed platform as a service (PaaS) database engine that handles most of the database management functions such as upgrading

patching

backups

and monitoring without user involvement."

Reference Section: "Overview".

3. Microsoft Learn

"Dynamic Data Masking": This documentation confirms that Dynamic Data Masking is a supported feature in Azure SQL Database

Azure SQL Managed Instance

and Azure Synapse Analytics.

Reference Section: "Applies to" and "Permissions".

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE