Premium SC-900 MCQs and Practice Test by Killexams.com

Microsoft Security, Compliance, and Identity Fundamentals Practice Test

SC-900 test Format | Course Contents | Course Outline | test Syllabus | test Objectives

Exam Code: SC-900
Exam Name: Microsoft Security- Compliance- and Identity Fundamentals
Certification: Microsoft Certified: Security- Compliance- and Identity Fundamentals
Level: Fundamental (Beginner-friendly)
Duration: 60 minutes
Number of Questions: 40-60 questions (multiple-choice- drag-and-drop- case studies)
Passing Score: 700/1000 (scored on a scale of 1-1000)

Describe the concepts of security- compliance- and identity (10–15%)
Describe the capabilities of Microsoft Entra (25–30%)
Describe the capabilities of Microsoft security solutions (35–40%)
Describe the capabilities of Microsoft compliance solutions (20–25%)

Describe the concepts of security- compliance- and identity (10–15%)
- security and compliance concepts
- the shared responsibility model
- defense-in-depth
- the Zero Trust model
- encryption and hashing
- Governance- Risk- and Compliance (GRC) concepts
- identity concepts
- identity as the primary security perimeter
- authentication
- authorization
- identity providers
- the concept of directory services and Active Directory
- the concept of federation

Describe the capabilities of Microsoft Entra (25–30%)
- function and identity types of Microsoft Entra ID
- Microsoft Entra ID
- types of identities
- hybrid identity
- authentication capabilities of Microsoft Entra ID
- the authentication methods
- multi-factor authentication (MFA)
- password protection and management capabilities
- access management capabilities of Microsoft Entra ID
- Conditional Access
- Microsoft Entra roles and role-based access control (RBAC)
- identity protection and governance capabilities of Microsoft Entra
- Microsoft Entra ID Governance
- access reviews
- the capabilities of Microsoft Entra Privileged Identity Management
- Microsoft Entra ID Protection
- Microsoft Entra Permissions Management

- the capabilities of Microsoft security solutions (35–40%)
- core infrastructure security services in Azure
- Azure distributed denial-of-service (DDoS) Protection
- Azure Firewall
- Web Application Firewall (WAF)
- network segmentation with Azure virtual networks
- network security groups (NSGs)
- Azure Bastion
- Azure Key Vault
- security management capabilities of Azure
- Microsoft Defender for Cloud
- Cloud Security Posture Management (CSPM)
- how security policies and initiatives Boost the cloud security posture
- enhanced security features provided by cloud workload protection
- capabilities of Microsoft Sentinel
- security information and event management (SIEM) and security orchestration automated response (SOAR)
- threat detection and mitigation capabilities in Microsoft Sentinel
- threat protection with Microsoft Defender XDR
- Microsoft Defender XDR services
- Microsoft Defender for Office 365
- Microsoft Defender for Endpoint
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Identity
- Microsoft Defender Vulnerability Management
- Microsoft Defender Threat Intelligence (Defender TI)
- the Microsoft Defender portal

Describe the capabilities of Microsoft compliance solutions (20–25%)
- Microsoft Service Trust Portal and privacy principles
- the Service Trust Portal offerings
- the privacy principles of Microsoft
- Microsoft Priva
- compliance management capabilities of Microsoft Purview
- the Microsoft Purview compliance portal
- Compliance Manager
- the uses and benefits of compliance score
- information protection- data lifecycle management- and data governance capabilities of Microsoft Purview
- the data classification capabilities
- the benefits of Content explorer and Activity explorer
- sensitivity labels and sensitivity label policies
- data loss prevention (DLP)
- records management
- retention policies- retention labels- and retention label policies
- unified data governance solutions in Microsoft Purview
- insider risk- eDiscovery- and audit capabilities in Microsoft Purview
- insider risk management
- eDiscovery solutions in Microsoft Purview
- audit solutions in Microsoft Purview

100% Money Back Pass Guarantee

SC-900 PDF trial MCQs

SC-900 trial MCQs

SC-900 MCQs
SC-900 TestPrep
SC-900 Study Guide
SC-900 Practice Test
SC-900 test Questions
killexams.com
Microsoft
SC-900
Microsoft Security, Compliance, and Identity Fundamentals
https://killexams.com/pass4sure/exam-detail/SC-900
Question: 309
An organization uses Microsoft Entra ID to manage user identities. A security administrator configures a
custom role with the following JSON definition to restrict access to specific Azure resources:
{
"Name": "CustomReader",
"Actions": [
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"NotActions": [],
"DataActions": [],
"NotDataActions": [],
"AssignableScopes": [
"/subscriptions/12345678-1234-1234-1234-1234567890ab"
]
}
Which identity concept is this configuration addressing?
A. Authentication
B. Authorization
C. Directory Services
D. Identity Providers
Answer: B
Explanation: The custom role defines permissions for accessing specific Azure resources, which is an
aspect of authorization, determining what actions a user can perform after authentication.
Question: 310
An organization uses Microsoft Purview to Boost its compliance score. The compliance manager
recommends implementing Microsoft 365 Insider Risk Management. How does this action impact the
compliance score?
A. It has no impact unless sensitivity labels are applied to user activities
B. It increases the score by addressing improvement actions related to user behavior monitoring
C. It decreases the score due to increased configuration complexity
D. It only affects the score if DLP policies are disabled
Answer: B
Explanation: Implementing Microsoft 365 Insider Risk Management in Microsoft Purview addresses
improvement actions related to monitoring user behavior for potential data risks, improving the
compliance score. Sensitivity labels, DLP policies, and configuration complexity do not negate the
positive impact of enabling Insider Risk Management.
Question: 311
An organization uses Microsoft Sentinel as a SIEM solution. They configure an analytic rule to detect
suspicious PowerShell activity using the KQL query below. The rule generates false positives for
legitimate administrative tasks. What modification should the team make to reduce false positives?
Exhibit:
SecurityEvent
| where EventID == 4688
| where CommandLine contains "powershell"
| summarize ProcessCount = count() by Account, Computer, bin(TimeGenerated, 1h)
| where ProcessCount > 10
A. Increase the ProcessCount threshold to 20
B. Add a filter to exclude known administrative accounts
C. Reduce the time window to 30 minutes
D. Replace EventID 4688 with EventID 4104
Answer: B
Explanation: Filtering out known administrative accounts reduces false positives by excluding legitimate
PowerShell usage. EventID 4688 tracks process creation, which is appropriate for detecting PowerShell
execution. Increasing the threshold or reducing the time window may miss suspicious activity, and
EventID 4104 (script block logging) requires additional configuration and may not cover all PowerShell
activity.
Question: 312
An organization implements a security strategy requiring continuous validation of user identities across
all access attempts. The system uses machine learning to analyze user behavior patterns and triggers step-
up authentication when anomalies are detected. Which model is this organization adopting?
A. Defense-in-Depth
B. Governance, Risk, and Compliance (GRC)
C. Zero Trust
D. Shared Responsibility Model
Answer: C
Explanation: The Zero Trust model emphasizes continuous validation of identities and assumes no
implicit trust, requiring verification for every access attempt. Machine learning-based behavior analysis
and step-up authentication align with Zero Trust principles, ensuring robust security by dynamically
assessing risk.
Question: 313
An organization implements Microsoft Entra ID and wants to enforce strong authentication for users
accessing sensitive applications. The IT team configures a Conditional Access policy that requires multi-
factor authentication (MFA) for all users. However, they notice that some users are still able to access
applications without MFA. Confirm the users are part of a dynamic group
B. Ensure the Conditional Access policy excludes trusted locations
C. Verify the application�s enterprise settings for MFA
D. Which setting should be Tested to ensure MFA is enforced?
D. Check the Azure AD tenant�s MFA registration policy
Answer: D
Explanation: The MFA registration policy in Microsoft Entra ID determines whether users are prompted
to register for MFA. If users haven�t registered, they may bypass Conditional Access policies requiring
MFA. Excluding trusted locations could weaken enforcement but doesn�t address registration.
Application settings may require MFA but rely on user registration, and dynamic groups are unrelated to
MFA enforcement.
Question: 314
A company uses Azure to host a web application. The application stores sensitive customer data in an
Azure SQL Database, encrypted using Transparent Data Encryption (TDE) with a customer-managed key
stored in Azure Key Vault. Which component of the shared responsibility model is the customer
responsible for securing?
A. Physical infrastructure of Azure data centers
B. Management of the Azure Key Vault service
C. Configuration of the Azure SQL Database firewall
D. Patching of the Azure SQL Database engine
Answer: C
Explanation: In the shared responsibility model, Microsoft is responsible for securing the physical
infrastructure and patching the database engine, while the customer manages configurations like the
Azure SQL Database firewall and the customer-managed key in Azure Key Vault.
Question: 315
An organization wants to use Compliance Manager to automate the assignment of compliance tasks to
specific roles based on GDPR requirements. Which feature allows them to customize task workflows and
assign responsibilities?
A. Improvement Actions
B. Assessment Templates
C. Action Items
D. Solutions
Answer: A
Explanation: Improvement Actions in Compliance Manager allow organizations to customize and assign
compliance tasks, including GDPR-related responsibilities, with automated workflows. Action Items
track tasks, Assessment Templates evaluate compliance, and Solutions provide general tools without task
customization.
Question: 316
An organization uses Microsoft Purview to apply sensitivity labels. They want to ensure that documents
labeled "Public" are accessible to external users without encryption. Which sensitivity label setting
should be configured?
A. Enable content marking with a watermark indicating "Public"
B. Configure the label with no encryption and allow external user access
C. Set up a DLP rule to allow external sharing of labeled documents
D. Apply co-author permissions to allow external editing
Answer: B
Explanation: Sensitivity labels in Microsoft Purview can control encryption and access. Configuring a
"Public" label with no encryption and allowing external user access ensures external users can view
documents without restrictions. Content marking adds visual indicators, DLP rules control sharing but
not access, and co-author permissions are for editing, not access.
Question: 317
An administrator is configuring Microsoft Priva to detect overexposed personal data in Teams chats, such
as passport numbers shared with external users. They need to set a policy with a confidence level of 90%
and trigger alerts. Which Priva feature and configuration should they use?
A. Data Loss Prevention, Teams Policy
B. Privacy Risk Management, Overexposure Policy
C. Records Management, Retention Label
D. Subject Rights Request, Data Exposure
Answer: B
Explanation: Privacy Risk Management in Microsoft Priva allows configuring Overexposure Policies to
detect sensitive data, like passport numbers in Teams, with a specified confidence level (90%) and trigger
alerts. Data Loss Prevention focuses on preventing leaks, Records Management handles retention, and
Subject Rights Requests address data queries.
Question: 318
An enterprise uses Microsoft Entra ID to secure access to a custom application. The application requires
fine-grained access control based on user roles and group memberships. The IT team wants to implement
a solution that dynamically assigns roles to users based on their attributes, such as department or
location. Which Microsoft Entra ID feature should be used?
A. Azure AD Privileged Identity Management (PIM)
B. Role-based access control (RBAC)
C. Dynamic group membership
D. Static group assignments
Answer: C
Explanation: Dynamic group membership in Microsoft Entra ID allows groups to be populated
automatically based on user attributes, such as department or location. This enables fine-grained access
control when combined with role assignments for applications. PIM manages privileged roles, RBAC
assigns roles but doesn�t dynamically adjust group membership, and static group assignments require
manual updates, which doesn�t meet the dynamic requirement.
Question: 319
An organization uses Microsoft Entra ID to manage identities for a cloud-native application. The IT team
needs to implement a solution that allows temporary access to resources for contractors without creating
permanent accounts. Which Microsoft Entra ID feature supports this requirement?
A. Entitlement Management
B. Azure AD B2C
C. Azure AD B2B collaboration
D. Privileged Identity Management
Answer: A
Explanation: Entitlement Management in Microsoft Entra ID allows organizations to manage access
packages, enabling temporary access for users like contractors without permanent accounts. Azure AD
B2B is for external collaboration, B2C is for consumer apps, and PIM manages privileged roles, none of
which directly support temporary access management.
Question: 320
HOTSPOT
Select the answer that correctly completes the sentence.
Answer:
Explanation:
Graphical user interface, text, application
Description automatically generated
Azure Active Directory (Azure AD) is a cloud-based user identity and authentication service.
Reference: https://docs.microsoft.com/en-us/microsoft-365/enterprise/about-microsoft-365-identity?view=o365-
worldwide
Question: 321
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.
Answer:
Explanation:
Graphical user interface, text, application, email
Description automatically generated
Question: 322
DRAG DROP
Match the Azure networking service to the appropriate description.
To answer, drag the appropriate service from the column on the left to its description on the right. Each service may be
used once, more than once, or not at all.
NOTE: Each correct match is worth one point.
Answer:
Explanation:
Graphical user interface, application
Description automatically generated
Box 1: Azure Firewall
Azure Firewall provide Source Network Address Translation and Destination Network Address Translation.
Box 2: Azure Bastion
Azure Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure
portal over TLS.
Box 3: Network security group (NSG)
You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual
network.
Question: 323
HOTSPOT
Select the answer that correctly completes the sentence.
Answer:
Explanation:
Text, letter
Description automatically generated
Question: 324
HOTSPOT
Select the answer that correctly completes the sentence.
Answer:
Explanation:
Text
Description automatically generated
Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security
orchestration automated response (SOAR) solution.
Question: 325
HOTSPOT
Select the answer that correctly completes the sentence.
Answer:
Explanation:
Graphical user interface, text
Description automatically generated
Question: 326
HOTSPOT
Select the answer that correctly completes the sentence.
Answer:
Explanation:
Graphical user interface, text
Description automatically generated with medium confidence
Question: 327
HOTSPOT
Select the answer that correctly completes the sentence.
Answer:
Explanation:
Graphical user interface, application
Description automatically generated
Question: 328
Which score measures an organization�s progress in completing actions that help reduce risks associated to data
protection and regulatory standards?
A. Microsoft Secure Score
B. Productivity Score
C. Secure score in Azure Security Center
D. Compliance score
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365-worldwide
Question: 329
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Graphical user interface, text, application
Description automatically generated
Box 1: Yes
You can use sensitivity labels to provide protection settings that include encryption of emails and documents to prevent
unauthorized people from accessing this data.
Box 2: Yes
You can use sensitivity labels to mark the content when you use Office apps, by adding watermarks, headers, or
footers to documents that have the label applied.
Box 3: Yes
You can use sensitivity labels to mark the content when you use Office apps, by adding headers, or footers to email
that have the label applied.
Question: 330
What do you use to provide real-time integration between Azure Sentinel and another security source?
A. Azure AD Connect
B. a Log Analytics workspace
C. Azure Information Protection
D. a connector
Answer: D
Explanation:
To on-board Azure Sentinel, you first need to connect to your security sources. Azure Sentinel comes with a number
of connectors for Microsoft solutions, including Microsoft 365 Defender solutions, and Microsoft 365 sources,
including Office 365, Azure AD, Microsoft Defender for Identity, and Microsoft Cloud App Security, etc.
Reference: https://docs.microsoft.com/en-us/azure/sentinel/overview
KILLEXAMS.COM
Killexams.com is a leading online platform specializing in high-quality certification
exam preparation. Offering a robust suite of tools, including MCQs, practice tests,
and advanced test engines, Killexams.com empowers candidates to excel in their
certification exams. Discover the key features that make Killexams.com the go-to
choice for test success.
Exam Questions:
Killexams.com provides test questions that are experienced in test centers. These questions are
updated regularly to ensure they are up-to-date and relevant to the latest test syllabus. By
studying these questions, candidates can familiarize themselves with the content and format of
the real exam.
Exam MCQs:
Killexams.com offers test MCQs in PDF format. These questions contain a comprehensive
collection of Braindumps that cover the test topics. By using these MCQs, candidate
can enhance their knowledge and Boost their chances of success in the certification exam.
Practice Test:
Killexams.com provides practice test through their desktop test engine and online test engine.
These practice tests simulate the real test environment and help candidates assess their
readiness for the genuine exam. The practice test cover a wide range of questions and enable
candidates to identify their strengths and weaknesses.
Guaranteed Success:
Killexams.com offers a success guarantee with the test MCQs. Killexams claim that by using this
materials, candidates will pass their exams on the first attempt or they will get refund for the
purchase price. This guarantee provides assurance and confidence to individuals preparing for
certification exam.
Updated Contents:
Killexams.com regularly updates its question bank of MCQs to ensure that they are current and
reflect the latest changes in the test syllabus. This helps candidates stay up-to-date with the exam
content and increases their chances of success.

Killexams VCE Test Engine (Self Assessment Tool)

Download Killexams-Exam-Simulator-3.0.9.rar

Killexams has introduced Online Test Engine (OTE) that supports iPhone, iPad, Android, Windows and Mac. SC-900 Online Testing system will helps you to study and practice using any device. Our OTE provide all features to help you memorize and practice test Braindumps while you are travelling or visiting somewhere. It is best to Practice SC-900 MCQs so that you can answer all the questions asked in test center. Our Test Engine uses Questions and Answers from genuine Microsoft Security, Compliance, and Identity Fundamentals exam.

Killexams Online Test Engine Test Screen

Killexams Online Test Engine Progress Chart

Killexams Online Test Engine Test History Graph

Killexams Online Test Engine Performance History

Killexams Online Test Engine Result Details

Online Test Engine maintains performance records, performance graphs, explanations and references (if provided). Automated test preparation makes much easy to cover complete pool of MCQs in fastest way possible. SC-900 Test Engine is updated on daily basis.

Do not Miss these free SC-900 MCQs for practice

Save time and money by skipping the search for updated Microsoft Security, Compliance, and Identity Fundamentals questions. Register on killexams.com to get free practice test samples and purchase the complete SC-900 practice questions version. Study with our premium practice test materials, available through Online Test Engine or Desktop Test Engine, and confidently pass the SC-900 exam.

Latest 2026 Updated SC-900 Real test Questions

If you are seeking the latest and most current practice tests to excel in the Microsoft SC-900 test and secure a high-paying career opportunity, Killexams.com is your ultimate solution. By registering with our exclusive discount coupons, you gain access to 2026-updated, authentic SC-900 questions. Our dedicated team of experts diligently collects genuine SC-900 test questions to ensure you pass the SC-900 test effortlessly. With our 100% discount guarantee, you can get refreshed SC-900 test questions at no cost with every login. While some providers may offer SC-900 questions and answers, it is critical to secure the most valid and 2026-updated SC-900 test prep. Avoid relying on free online resources, and instead trust Killexams.com for the most dependable SC-900 test prep available. Seize your chance to pass the Microsoft SC-900 test and elevate your career—enroll with Killexams.com today.

Killexams Review | Reputation | Testimonials | Customer Feedback

Bundle for the SC-900 test was outstanding, with accurate questions and a flawless test simulator. I passed with ease and recommended it to my colleagues, who also succeeded in their exams. This is the best IT training resource available online.
Shahid nazir [2026-4-29]

Testprep materials delivered a 96% score on my SC-900 test exam, transforming my initial skepticism into complete trust. A friend high score prompted me to try their platform, despite my initial doubts, and the results were astounding. Their comprehensive practice tests of test questions prepared me thoroughly, and I now enthusiastically advocate for their resources to others seeking certification success.
Martin Hoax [2026-5-21]

As someone deeply involved in the IT field, tackling the SC-900 test was absolutely essential for my career growth. However, my demanding schedule made comprehensive preparation feel like an insurmountable challenge. I decided to try killexams.com practice tests, dedicating just two weeks before the exam, and I was able to confidently answer all the questions well within the time limit. The answers were incredibly easy to recall, making the entire preparation process much smoother. It truly functioned as a thorough reference guide, and I was genuinely amazed by my results.
Shahid nazir [2026-5-2]

More SC-900 testimonials...

References

Microsoft Security, Compliance, and Identity Fundamentals MCQs
Microsoft Security, Compliance, and Identity Fundamentals test Questions
Microsoft Security, Compliance, and Identity Fundamentals test prep questions

Frequently Asked Questions about Killexams Practice Tests

Do you want latest genuine SC-900 test questions to read?
This is the right place to get the latest and 100% valid real SC-900 test questions with VCE practice tests. You just need to memorize and practice these questions and reset ensured. You will pass the test with good marks.

Are these SC-900 practice tests valid for my country?
Yes, SC-900 test practice questions that we provide are valid globally. All the questions that are provided are taken from authentic resources.

Can I renew my get account validity?
Yes, Contact sales or support via email or live chat to get a special discount coupon for account renewal. Killexams team can also provide you direct payment link that will renew your account validity instantly.

Is Killexams.com Legit?

Indeed, Killexams is 100 percent legit and also fully well-performing. There are several attributes that makes killexams.com traditional and reliable. It provides updated and completely valid test dumps that contain real exams questions and answers. Price is really low as compared to many of the services online. The Braindumps are up graded on common basis utilizing most latest brain dumps. Killexams account method and merchandise delivery is incredibly fast. Data downloading will be unlimited as well as fast. Support is available via Livechat and Email address. These are the features that makes killexams.com a sturdy website that offer test dumps with real exams questions.

Other Sources

Which is the best testprep site of 2026?

Prepare smarter and pass your exams on the first attempt with Killexams.com – the trusted source for authentic test questions and answers. We provide updated and Tested practice test questions, study guides, and PDF test dumps that match the genuine test format. Unlike many other websites that resell outdated material, Killexams.com ensures daily updates and accurate content written and reviewed by certified experts.

Download real test questions in PDF format instantly and start preparing right away. With our Premium Membership, you get secure login access delivered to your email within minutes, giving you unlimited downloads of the latest questions and answers. For a real exam-like experience, practice with our VCE test Simulator, track your progress, and build 100% test readiness.

Join thousands of successful candidates who trust Killexams.com for reliable test preparation. Sign up today, access updated materials, and boost your chances of passing your test on the first try!

100% Money Back Pass Guarantee

Back to List

Social Profiles

Microsoft Security, Compliance, and Identity Fundamentals Practice Test

SC-900 test Format | Course Contents | Course Outline | test Syllabus | test Objectives

100% Money Back Pass Guarantee

SC-900 PDF trial MCQs

SC-900 trial MCQs

Killexams VCE Test Engine (Self Assessment Tool)

Do not Miss these free SC-900 MCQs for practice

Latest 2026 Updated SC-900 Real test Questions

Tags

Killexams Review | Reputation | Testimonials | Customer Feedback

References

Frequently Asked Questions about Killexams Practice Tests

Is Killexams.com Legit?

Other Sources

Which is the best testprep site of 2026?

Important Links for best testprep material

100% Money Back Pass Guarantee

Social Profiles