Objectives in this domain

Evaluate solutions for securing Microsoft 365 productivity and collaboration workloads.
Section 4.1medium
Design solutions for securing applications across their full lifecycle, including threat modeling and workload identities.
Section 4.2hard
Design solutions for securing an organization's data, including classification, encryption, and database protection.
Section 4.3hard

Sample question from this domain

Free sampleDesign Security Solutions for Applications and Datahard

A product team is about to begin building a new customer-facing payments service and asks a security architect when, in the application lifecycle, design-level security flaws such as missing authorisation boundaries and unsafe trust assumptions should be identified. The architect wants the practice that surfaces these flaws before code is written, by reasoning about the system's data flows and trust boundaries. Which practice best meets this requirement?

APerform threat modeling during the design phase, enumerating data flows and trust boundaries to identify and rank design weaknesses before any code exists. Correct
BRun dynamic application security testing against a deployed staging build so that exploitable runtime weaknesses are discovered before the service reaches production traffic.
CAdd static application security testing to the build pipeline so that insecure coding patterns are flagged automatically every time a developer commits source.
DSchedule an external penetration test ahead of launch so that an independent team validates the service's defences against realistic attacker techniques first.

Threat modeling is the design-phase practice that reveals architectural and trust-boundary flaws before code exists, unlike testing that runs against built software. Threat modeling reasons about a system's data flows, trust boundaries, and assets to enumerate how it could be attacked while the design is still on paper. Because it precedes implementation, it catches authorisation, trust, and exposure flaws when they are cheapest to fix, which testing techniques that need running or committed code cannot do.

Why A is correct: Threat modeling is the design-phase activity that maps data flows and trust boundaries to expose architectural weaknesses such as missing authorisation, so it identifies and ranks design flaws exactly when the requirement demands, before implementation begins.

Why B is wrong: Dynamic testing is valuable and tempting because it finds real exploitable issues, but it runs against built, deployed code and so cannot surface the design-level trust-boundary flaws the requirement targets before code is written.

Why C is wrong: Static analysis catches insecure code patterns and feels like the earliest control, but it operates on committed source rather than the architecture, so it misses design flaws that exist before code and that no scanner reads from a diagram.

Why D is wrong: A penetration test gives independent assurance and is appealing as a gate, but it happens against a near-complete system late in the lifecycle, so it finds design flaws only after they are expensively built rather than before code is written.

Other domains in this exam

Design Solutions that Align with Security Best Practices and Priorities23% of the exam
Design Security Operations, Identity, and Compliance Capabilities27% of the exam
Design Security Solutions for Infrastructure27% of the exam

See also the SC-100 cert hub, the study guide, and the cheat sheet.