Free SC-900 Sample Questions — Microsoft Security, Compliance, and Identity Fundamentals

Which Azure Active Directory (Azure AD) feature can you use to provide just-in-time (JIT) access to manage Azure resources?

• A. conditional access policies
• B. Azure AD Identity Protection
• C. Azure AD Privileged Identity Management (PIM)
• D. authentication method policies

What are customers responsible for when evaluating security in a software as a service (SaaS) cloud services model?

• A. operating systems
• B. network controls
• C. applications
• D. accounts and identities

What feature supports email as a method of authenticating users?

• A. Microsoft Entra ID Protection
• B. Microsoft Entra Multi-Factor Authentication (MFA)
• C. self-service password reset (SSPR)
• D. Microsoft Entra Password Protection

Which Microsoft Purview feature allows users to identify content that should be protected?

• A. Sensitivity Labels
• B. Data loss prevention
• C. eDiscovery
• D. Insider Risks

Which two tasks can you implement by using data loss prevention (DLP) policies in Microsoft 365? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. Display policy tips to users who are about to violate your organization's policies
• B. Enable disk encryption on endpoints
• C. Protect documents in Microsoft OneDrive that contain sensitive information
• D. Apply security baselines to devices

What is the purpose of Azure Active Directory (Azure AD) Password Protection?

• A. to control how often users must change their passwords
• B. to identify devices to which users can sign in without using multi-factor authentication (MFA)
• C. to encrypt a password by using globally recognized encryption standards
• D. to prevent users from using specific words in their passwords

Microsoft 365 Endpoint data loss prevention (Endpoint DLP) can be used on which operating systems?

• A. Windows 10 and newer only
• B. Windows 10 and newer and Android only
• C. Windows 10 and newer and macOS only
• D. Windows 10 and newer, Android, and macOS

You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure. Which security methodology does this represent?

• A. threat modeling
• B. identity as the security perimeter
• C. defense in depth
• D. the shared responsibility model

Which security feature is available in the free mode of Microsoft Defender for Cloud?

• A. threat protection alerts
• B. just-in-time (JIT) VM access to Azure virtual machines
• C. vulnerability scanning of virtual machines
• D. secure score

Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security?

• A. Microsoft Service Trust Portal
• B. Compliance Manager
• C. Microsoft 365 compliance center
• D. Microsoft Support

Which two cards are available in the Microsoft 365 Defender portal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. Devices at risk
• B. Compliance Score
• C. Service Health
• D. User Management
• E. Users at risk

What should you use in the Microsoft 365 Defender portal to view security trends and track the protection status of identities?

• A. Attack simulator
• B. Reports
• C. Hunting
• D. Incidents

Which score measures an organization’s progress in completing actions that help reduce risks associated to data protection and regulatory standards?

• A. Adoption Score
• B. Microsoft Secure Score
• C. Secure score in Microsoft Defender for Cloud
• D. Compliance score

Which two Azure resources can a network security group (NSG) be associated with? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. a virtual network subnet
• B. a network interface
• C. a resource group
• D. a virtual network
• E. an Azure App Service web app

What can you use to scan email attachments and forward the attachments to recipients only if the attachments are free from malware?

• A. Microsoft Defender for Office 365
• B. Microsoft Defender Antivirus
• C. Microsoft Defender for Identity
• D. Microsoft Defender for Endpoint

What Microsoft Purview feature can use machine learning algorithms to detect and automatically protect sensitive items?

• A. eDiscovery
• B. Data loss prevention
• C. Information risks
• D. Communication compliance

Which feature provides the extended detection and response (XDR) capability of Azure Sentinel?

• A. integration with the Microsoft 365 compliance center
• B. support for threat hunting
• C. integration with Microsoft 365 Defender
• D. support for Azure Monitor Workbooks

What are two reasons to deploy multiple virtual networks instead of using just one virtual network? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. to meet governance policies
• B. to connect multiple types of resources
• C. to separate the resources for budgeting
• D. to isolate the resources

Which type of identity can be used with an Azure service and will be deleted automatically when the service is deleted?

• A. user-assigned managed identity
• B. service principal
• C. user
• D. system-assigned managed identity

What can you use to provide threat detection for Azure SQL Managed Instance?

• A. Microsoft Secure Score
• B. application security groups
• C. Microsoft Defender for Cloud
• D. Azure Bastion