SC-900 Security Fundamentals

This practice exam is designed to assess your readiness for the SC-900 Security Compliance, and Identity Fundamentals exam. This quiz is NOT intended to simulate the actual exam. It is intended to test your knowledge of the concepts covered on the exam.

1 / 91

According to the shared responsibility model, which of the following computing models places the most responsibility on the cloud service provider (CSP)?

2 / 91

To implement a defense in-depth security methodology, which of the given measures will an organization implement?

3 / 91

Which of the following cyber-attacks aims to exhaust an application's resources, making the application unavailable to legitimate users?

4 / 91

______________ is/are used to implement encryption in transit, such as with HTTPS protocol for secure browsing, or certificate-based authentication on secure wi-fi networks.

5 / 91

Which of the following encryption types uses a public and private key pair for encrypting and decrypting data?

6 / 91

Microsoft’s six core privacy principles are:

7 / 91

Resources on the Service Trust Portal do not include which of the following?

8 / 91

The process of proving you are who you say you are is:

9 / 91

The act of granting an authenticated party permission to do something is:

10 / 91

Entra ID can be configured to allow users to authenticate with their social identities, such as Facebook or Google. In this scenario, Facebook and Google are serving as: (choose the best answer)

11 / 91

What is the relationship type that allows federated services to access resources?

12 / 91

Which of the following identity attacks attempts to match a username against a list of weak passwords?

13 / 91

Which of the following cloud solutions provides capabilities such as multifactor authentication (MFA), identity protection, and role-based access control?

14 / 91

Which of the following is not an Entra ID identity type?

15 / 91

The two types of external identities are:

16 / 91

Which of the following is an advantage of single sign-on?

17 / 91

Which of the following is NOT a feature of Entra ID Self-Service Password Reset (SSPR)?

18 / 91

Which of the following Entra ID features protects users from password spray attacks, and bans them from using weak passwords in a global list of banned passwords when setting or resetting their password?

19 / 91

Which of the following is discouraged as a secondary authentication factor due to known vulnerabilities?

20 / 91

Which of the following statements accurately depicts a difference between Windows Hello and Windows Hello for Business?

21 / 91

You need to implement multi-factor authentication for your Entra ID users. However, you only want to prompt for an additional authentication factor when users are not in a trusted location on an unmanaged device. Which feature should you implement? (choose the best answer)

22 / 91

Which of the following is not a benefit of Entra ID Conditional Access policies?

23 / 91

Which of the following is not a benefit of Entra ID roles?

24 / 91

With Privileged Identity Management, users can not only activate their own eligible roles, but if desired, can also self-review their eligible roles during scheduled access reviews.

25 / 91

The probability that a given authentication request is not a request by the identity owner is referred to as "user risk".

26 / 91

A network security group (NSG) is comprised of inbound and outbound security rules. Rules are processed in priority order, with lower numbered rules processed _____________ higher numbers.

27 / 91

The Basic tier of Azure DDoS is free but must be enabled on each subscription.

28 / 91

Azure Firewall is a fully stateful firewall that offers high availability. High availability must be enabled, and the number of scale instances selected at deployment time.

29 / 91

What is the core value proposition of Azure Bastion?

30 / 91

Which secure score provides visualization of the current security posture of your cloud infrastructure, such as VMs, web app instances, and Azure SQL databases?

31 / 91

A security __________ is the implementation of a security benchmark for the specific Azure service.

32 / 91

Which of the following tools is used to collect and analyze large amounts of data from across your entire estate, including identity, endpoints, infrastructure, apps, and data to identify  and alert on potential security threats?

33 / 91

Which of the following is not an advantage of Azure Sentinel in providing integrated threat protection to your environment?

34 / 91

Which of the following Azure services monitor users, entity behavior, and activities with learning-based analytics to help protect user identities and credentials stored in on-premises Active Directory?

35 / 91

Which of these Azure services enables you to run realistic simulated phishing and password attack campaigns in your organization, and train users to raise their awareness of these attacks ?

36 / 91

Contoso IT recently implemented Microsoft Defender for Endpoint to better protect its Windows 10 endpoints. Which of the following is a feature of Endpoint behavioral sensors technology?

37 / 91

Which of the following services ingests network traffic logs to dynamically discover and analyze the cloud apps in use within your organization?

38 / 91

Which portal brings Defender for Endpoint, Defender for Office 365, and Microsoft Defender for Cloud Apps data together in consolidated a unified view and user experience?

39 / 91

Which secure score focuses on security across identities, apps, and data?

40 / 91

What are the categories shown on the secure score in Microsoft Defender portal?

41 / 91

_____ are a collection of correlated _____ created when a suspicious _____ is found.

42 / 91

Microsoft _____ is a cloud-based service that helps streamline security analyst triage, incident response, threat hunting, and vulnerability management workflows.

43 / 91

_________________ enables continuous asset discovery and monitoring using built-in and agentless scanners continuously monitor and detect risk from devices, even when not connected to the corporate network. Risks are then prioritized based on threat intelligence and breach likelihood predictions.

44 / 91

Defender for Servers, Defender for Key Vault, and Defender for Storage are part of the foundational cloud security posture management (CSPM).

45 / 91

What the name of the unified portal that provides easy access to the data and tools you need to manage to your organization's compliance needs and track progress?

46 / 91

_____________ measures the progress in completing recommended improvement actions within Compliance Manager.

47 / 91

_______ use machine learning to intelligently classify your data.

48 / 91

Which of the following contains a snapshot of items (emails, files) that have a sensitivity or retention label applied or have been classified as a sensitive information type?

49 / 91

You use __________ to implement data __________.

50 / 91

Retention policies are used to assign the same retention settings to content at a __________ level or __________ level.

51 / 91

Retention labels are used to assign retention settings at an item level, such as folder, document, or email.

52 / 91

What is the difference between a document and a record?

53 / 91

Data loss prevention is a way to ensure sensitive information:

54 / 91

The content search tool enables in-place content search across all of the following EXCEPT

55 / 91

Which of the following is not a feature of core eDiscovery (Standard) workflow?

56 / 91

Which of the following is not a feature available only in advanced eDiscovery (Premium) workflow?

57 / 91

What is the name of the unified data governance service that enables end-to-end data lineage?

58 / 91

You need to prevent accidental deletion of Azure resources in your subscription. Which feature will meet this requirements? (choose the best answer)

59 / 91

The Contoso Cloud Architecture team needs to simplify deployments of new environments in Azure, including Azure Resource Manager (ARM) templates, role-based access, and policies. Which Azure service enables delivery of templates for repeatable deployment  and configuration of new subscriptions and environments? (choose the best answer)

60 / 91

Which of the following Azure services is used to monitor Azure resources to ensure new and existing deployments are in compliance with the organization’s standards and regulatory requirements?

61 / 91

_______ is a collection of documentation, implementation guidance, best practices, and tools that are proven guidance from Microsoft designed to accelerate your cloud adoption journey.

62 / 91

Which of the following is a feature of advanced auditing in Microsoft 365?

63 / 91

The core audit capabilities of Microsoft Purview enable search across Microsoft 365 services through:

64 / 91

What is the core function of eDiscovery feature in Microsoft Purview?

65 / 91

Which of the following features available in the Microsoft Purview compliance portal provides automation of data subject requests (DSR)?

66 / 91

Which Microsoft Purview feature enables administrators to define policies to explicitly prevent communication between group or users within the organization to avoid regulatory breaches and conflict of interest issues?

67 / 91

Which of the following Microsoft Purview compliance solutions is focused on detecting and acting on unethical, illegal, and malicious behaviors?

68 / 91

Which of the following statements describes the difference between Compliance Manager and compliance score?  

69 / 91

Which of the following is an end-to-end solution in Microsoft Purview compliance portal that enables admins to manage and track compliance activities.?

70 / 91

What are the categories shown on the secure score in Microsoft Defender portal?

71 / 91

Which of the following tools help to deliver intelligent, automated, and integrated security across an organization’s domains, such as identities, endpoints, applications, and email?  

72 / 91

The cloud security posture management (CSPM) functionality in Microsoft Defender for Cloud includes:

73 / 91

You need to provide the following functionality for infrastructure across your on-premises and Azure infrastructure.

    • Monitor the security posture of compute resources in Azure and on-premises.


    • Scan images within Azure Container Registry to identify vulnerabilities


    • Monitor and detect unusual access attempts to Azure Storage accounts


Which solution should you recommend?

74 / 91

Which of the following is NOT a function of Microsoft Defender for Cloud? 

75 / 91

Which of the following Azure services offers protection from the following common attacks cataloged by OWASP? 1. SQL-injection attack 2. Cross-site scripting attack. 3. Cross-origin resource sharing (CORS) attacks. 4. Man-in-the-middle (MITM) attacks.

76 / 91

Your security admin needs to protect Azure resources from DDoS attacks, which of the given Azure DDoS Protection tiers will help your admin to enhance protection from attacks targeting Azure virtual network resources?  

77 / 91

Which of the following enables inclusion of risk as a signal in Conditional Access policy decisions in Microsoft Entra?

78 / 91

Which of the following is not a question answered by Entra ID Identity Governance?

79 / 91

Which of the following services performs the following functions leveraging event data from your on-premises Active Directory?

  • monitors and analyzes user activities and information across your network
  • creates a behavioral baseline for each user
  • Identifies anomalous behavior, suspicious activities, and events

80 / 91

Which of the following types of attack uses a formal email to convince users to sign in and change their password?  

81 / 91

Which of the following is not a service provided by on-premises Active Directory Domain Services (AD DS)?  

82 / 91

Entra ID can be configured to allow users to authenticate with their social identities, such as Facebook or Google. In this scenario, Facebook and Google are serving as: (choose the best answer)

83 / 91

Which of the following services helps to implement identity as the primary security perimeter? (choose the best answer)

84 / 91

Which principle of Zero Trust is demonstrated by these services or features?

        • Just-In-Time and Just-Enough Access (JIT/JEA)
        • RBAC and conditional access
        • Sensitivity labels and policies





85 / 91

You can configure access to the secrets in Azure Key Vault using Azure RBAC (role based access control).

86 / 91

Entra Connect and Entra Cloud Sync are used to configure which of the following identity models?

87 / 91

To enable users to securely access company resources from anywhere, the security team wants to support OATH tokens (one-time password) as a second authentication factor for Entra ID. What Microsoft solution enables use of OATH tokens for Entra ID and other identity providers?

88 / 91

Adherence to mandatory regulations, whether multi-national, national, state or federal laws or industry that an organization must follow is known as

89 / 91

The VMs and other services in different virtual networks within the same subscription can communicate by default.

90 / 91

Access reviews in Entra ID can be configured to be self-completed by the eligible members of the privileged roles.

91 / 91

Which of the following services can identify over-privileged workload and user identities, actions, and resources across multi-cloud infrastructures and assess permissions risk based on permissions assigned vs permissions used?