SC-900 Security Fundamentals

This practice exam is designed to assess your readiness for the SC-900 Security Compliance, and Identity Fundamentals exam. This quiz is NOT intended to simulate the actual exam. It is intended to test your knowledge of the concepts covered on the exam.

1 / 84

Microsoft’s six core privacy principles are:

2 / 84

Which of the following encryption types uses a public and private key pair for encrypting and decrypting data?

3 / 84

______________ is/are used to implement encryption in transit, such as with HTTPS protocol for secure browsing, or certificate-based authentication on secure wi-fi networks.

4 / 84

Which of the following cyber-attacks aims to exhaust an application's resources, making the application unavailable to legitimate users?

5 / 84

To implement a defense in-depth security methodology, which of the given measures will an organization implement?

6 / 84

According to the shared responsibility model, which of the following computing models places the most responsibility on the cloud service provider (CSP)?

7 / 84

Which principle of Zero Trust is demonstrated by these services or features?

  • Just-In-Time and Just-Enough Access (JIT/JEA)
  • RBAC and conditional access
  • Sensitivity labels and policies

8 / 84

The probability that a given authentication request is not a request by the identity owner is referred to as "user risk".

9 / 84

With Privileged Identity Management, users can not only activate their own eligible roles, but if desired, can also self-review their eligible roles during scheduled access reviews.

10 / 84

Contoso IT needs to streamline resource provisioning for new employees and new project team members. Which of the following features should they use?


11 / 84

Which of the following is not a question answered by Azure AD Identity Governance?

12 / 84

Which of the following is not a benefit of Azure AD roles?

13 / 84

Which of the following is not a benefit of Azure AD Conditional Access policies?

14 / 84

You need to implement multi-factor authentication for your Azure Active Directory users. However, you only want to prompt for an additional authentication factor when users are not in a trusted location on an unmanaged device. Which feature should you implement? (choose the best answer)

15 / 84

Which of the following statements accurately depicts a difference between Windows Hello and Windows Hello for Business?

16 / 84

Which of the following is discouraged as a secondary authentication factor due to known vulnerabilities?

17 / 84

Which of the following Azure AD features protects users from password spray attacks, and bans them from using weak passwords in a global list of banned passwords when setting or resetting their password?

18 / 84

Which of the following is NOT a feature of Azure AD Self-Service Password Reset (SSPR)?

19 / 84

Which of the following is an advantage of single sign-on?

20 / 84

The two types of external identities are:

21 / 84

Which of the following services performs the following functions leveraging event data from your on-premises Active Directory?

  • monitors and analyzes user activities and information across your network
  • creates a behavioral baseline for each user
  • Identifies anomalous behavior, suspicious activities, and events

22 / 84

Which of the following is not an Azure AD identity type?

23 / 84

Which of the following cloud solutions provides capabilities such as multifactor authentication (MFA), identity protection, and role-based access control?

24 / 84

Which of the following types of attack uses a formal email to convince users to sign in and change their password?


25 / 84

Which of the following identity attacks attempts to match a username against a list of weak passwords?

26 / 84

What is the relationship type that allows federated services to access resources?

27 / 84

Which of the following is not a service provided by on-premises Active Directory Domain Services (AD DS)?


28 / 84

Azure AD can be configured to allow users to authenticate with their social identities, such as Facebook or Google. In this scenario, Facebook and Google are serving as: (choose the best answer)

29 / 84

The act of granting an authenticated party permission to do something is:

30 / 84

The process of proving you are who you say you are is:

31 / 84

Which of the following services helps to implement identity as the primary security perimeter? (choose the best answer)


32 / 84

The Microsoft Endpoint Manager Admin Center, which combines services into a single portal, including Intune, Configuration Manager, Desktop Analytics, and Windows Autopilot. You can find this portal at:

33 / 84

_________________ policies are designed to enable easy configuration targeting a specific aspect of device security to manage security tasks for devices when those devices are at risk.

34 / 84

Microsoft _____ is a cloud-based service that focuses on mobile device management, mobile application management, and endpoint security.

35 / 84

_____ are a collection of correlated _____ created when a suspicious _____ is found.

36 / 84

What are the categories shown on the Microsoft 365 security dashboard?

37 / 84

Which secure score focuses on security across identities, apps, and data?

38 / 84

Which portal brings Defender for Endpoint, Defender for Office 365, and Microsoft Cloud App Security data together in consolidated a unified view and user experience?

39 / 84

Which of the following services ingests network traffic logs to dynamically discover and analyze the cloud apps in use within your organization?

40 / 84

Contoso IT recently implemented Microsoft Defender for Endpoint to better protect its Windows 10 endpoints. Which of the following is a feature of Endpoint behavioral sensors technology?

41 / 84

Which of these Azure services enables you to run realistic simulated phishing and password attack campaigns in your organization, and train users to raise their awareness of these attacks ?

42 / 84

Which of the following Azure services monitor users, entity behavior, and activities with learning-based analytics to help protect user identities and credentials stored in on-premises Active Directory?

43 / 84

Which of the following is not an advantage of Azure Sentinel in providing integrated threat protection to your environment?

44 / 84

Which of the following tools help to deliver intelligent, automated, and integrated security across an organization’s domains, such as identities, endpoints, applications, and email?


45 / 84

Which of the following tools is used to collect and analyze large amounts of data from across your entire estate, including identity, endpoints, infrastructure, apps, and data to identify  and alert on potential security threats?

46 / 84

A security __________ is the implementation of a security benchmark for the specific Azure service.

47 / 84

The cloud security posture management (CSPM) functionality in Azure Security Center includes:

48 / 84

You need to provide the following functionality for infrastructure across your on-premises and Azure infrastructure.

  • Monitor the security posture of compute resources in Azure and on-premises.
  • Scan images within Azure Container Registry to identify vulnerabilities
  • Monitor and detect unusual access attempts to Azure Storage accounts

Which solution should you recommend?

49 / 84

Which secure score provides visualization of the current security posture of your cloud infrastructure, such as VMs, web app instances, and Azure SQL databases?

50 / 84

Which of the following is NOT a function of Azure Security Center?


51 / 84

Transparent data encryption (TDE) encrypts data in which of the following scenarios?

52 / 84

Which of the following Azure services offers protection from the following common attacks cataloged by OWASP?
1. SQL-injection attack
2. Cross-site scripting attack.
3. Cross-origin resource sharing (CORS) attacks.
4. Man-in-the-middle (MITM) attacks.

53 / 84

What is the core value proposition of Azure Bastion?

54 / 84

Azure Firewall is a fully stateful firewall that offers high availability. High availability must be enabled, and the number of scale instances selected at deployment time.

55 / 84

The Basic tier of Azure DDoS is free but must be enabled on each subscription.

56 / 84

Your security admin needs to protect Azure resources from DDoS attacks, which of the given Azure DDoS Protection tiers will help your admin to enhance protection from attacks targeting Azure virtual network resources?


57 / 84

A network security group (NSG) is comprised of inbound and outbound security rules. Rules are processed in priority order, with lower numbered rules processed _____________ higher numbers.

58 / 84

_______ is a collection of documentation, implementation guidance, best practices, and tools that are proven guidance from Microsoft designed to accelerate your cloud adoption journey.

59 / 84

Which of the following Azure services is used to monitor Azure resources to ensure new and existing deployments are in compliance with the organization’s standards and regulatory requirements?

60 / 84

The Contoso Cloud Architecture team needs to simplify deployments of new environments in Azure, including Azure Resource Manager (ARM) templates, role-based access, and policies. Which Azure service enables delivery of templates for repeatable deployment  and configuration of new subscriptions and environments? (choose the best answer)

61 / 84

You need to prevent accidental deletion of Azure resources in your subscription. Which feature will meet this requirements? (choose the best answer)

62 / 84

Which of the following is a feature of advanced auditing in Microsoft 365?

63 / 84

The core audit capabilities of Microsoft 365 enable search across Microsoft 365 services through:

64 / 84

What is the name of the unified data governance service that enables end-to-end data lineage?

65 / 84

Which of the following is not a feature available only in Advanced eDiscovery workflow?

66 / 84

Which of the following is not a feature of core eDiscovery workflow?

67 / 84

The content search tool enables in-place content search across all of the following EXCEPT

68 / 84

What is the core function of eDiscovery feature in Microsoft 365?

69 / 84

What is the purpose of the Customer Lockbox feature of Office 365?

70 / 84

Which of the following Microsoft 365 compliance features provides granular access control over privileged admin tasks in Microsoft 365?

71 / 84

Which Microsoft 365 feature enables administrators to define policies to explicitly prevent communication between group or users within the organization to avoid regulatory breaches and conflict of interest issues?

72 / 84

Which Microsoft 365 feature is designed to monitor internal user communication for both inadvertent and malicious content that conflicts with corporate policies and standards, such as in appropriate and objectionable language, such as obscenities or harassment?

73 / 84

Which of the following Microsoft 365 compliance solutions is focused on detecting and acting on unethical, illegal, and malicious behaviors?

74 / 84

Data loss prevention is a way to ensure sensitive information:

75 / 84

What is the difference between a document and a record?

76 / 84

Retention labels are used to assign retention settings at an item level, such as folder, document, or email.

77 / 84

Retention policies are used to assign the same retention settings to content at a __________ level or __________ level.

78 / 84

You use __________ implement data __________.

79 / 84

Which of the following contains a snapshot of items (emails, files) that have a sensitivity or retention label applied or have been classified as a sensitive information type?

80 / 84

_______ use machine learning to intelligently classify your data.

81 / 84

Which of the following statements describes the difference between Compliance Manager and compliance score?


82 / 84

_____________ measures the progress in completing recommended improvement actions within Compliance Manager.

83 / 84

Which of the following is an end-to-end solution in Microsoft 365 Compliance Center that enables admins to manage and track compliance activities.?

84 / 84

What the name of the unified portal that provides easy access to the data and tools you need to manage to your organization's compliance needs and track progress?