Start preparing for your Next Exam | Use coupon – TOGETHER | Avail 30% discount

Microsoft (SC-900): Security, Compliance, and Identity Fundamentals Sample Questions

  1. Home
  3. Microsoft (SC-900): Security, Compliance, and Identity Fundamentals Sample Questions
Microsoft (SC-900) Security, Compliance, and Identity Fundamentals Sample Questions

Advanced Sample Questions

Which of the following is NOT a component of the Microsoft 365 security and compliance center?

  • a. Threat protection
  • b. Data loss prevention
  • c. Network security
  • d. Information protection

Answer: c. Network security

Explanation: The Microsoft 365 security and compliance center provides a range of security and compliance solutions, including threat protection, data loss prevention, and information protection. However, it does not provide network security solutions.

Reference: https://docs.microsoft.com/en-us/microsoft-365/security/microsoft-365-security/security-and-compliance-center?view=o365-worldwide

What is the purpose of Azure Active Directory (AD)?

  • a. To provide on-premises directory and identity management
  • b. To provide cloud-based directory and identity management
  • c. To provide virtual machine management
  • d. To provide storage solutions

Answer: b. To provide cloud-based directory and identity management

Explanation: Azure Active Directory is a cloud-based directory and identity management solution provided by Microsoft. It enables organizations to manage user identities and provide access to resources.

Reference: https://azure.microsoft.com/en-us/services/active-directory/

Which of the following is NOT a security measure provided by Microsoft 365?

  • a. Multi-factor authentication
  • b. Mobile device management
  • c. Data backup and recovery
  • d. Endpoint protection

Answer: c. Data backup and recovery

Explanation: Microsoft 365 provides a range of security measures, including multi-factor authentication, mobile device management, and endpoint protection. However, it does not provide data backup and recovery solutions.

Reference: https://docs.microsoft.com/en-us/microsoft-365/security/microsoft-365-security/security-and-compliance-center?view=o365-worldwide

What is the purpose of Microsoft Cloud App Security?

  • a. To provide cloud application discovery and risk assessment
  • b. To provide network security
  • c. To provide data backup and recovery
  • d. To provide virtual machine management

Answer: a. To provide cloud application discovery and risk assessment

Explanation: Microsoft Cloud App Security is a cloud security solution that provides discovery and risk assessment of cloud applications used in an organization. It helps to ensure that these applications are used in a secure and compliant manner.

Reference: https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security

What is the purpose of the Microsoft 365 Compliance Center?

  • a. To provide information protection and governance solutions
  • b. To provide virtual machine management
  • c. To provide data backup and recovery
  • d. To provide network security

Answer: a. To provide information protection and governance solutions

Explanation: The Microsoft 365 Compliance Center provides information protection and governance solutions for organizations using Microsoft 365. It helps organizations to meet their legal, regulatory, and organizational compliance requirements.

Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-center-overview?view=o365-worldwide

What is the purpose of Azure Information Protection?

  • a. To provide data backup and recovery solutions
  • b. To provide network security
  • c. To classify and protect sensitive information
  • d. To provide virtual machine management

Answer: c. To classify and protect sensitive information

Explanation: Azure Information Protection is a solution that helps organizations classify and protect sensitive information by allowing them to label and encrypt sensitive data. This helps organizations meet their compliance and security requirements.

Reference: https://azure.microsoft.com/en-us/services/information-protection/

What is the purpose of Microsoft Intune?

  • a. To provide data backup and recovery solutions
  • b. To provide network security
  • c. To manage and secure mobile devices
  • d. To provide virtual machine management

Answer: c. To manage and secure mobile devices

Explanation: Microsoft Intune is a cloud-based mobile device management solution that helps organizations manage and secure mobile devices used by employees. It provides features such as device management, app management, and security management.

Reference: https://docs.microsoft.com/en-us/intune/

What is the purpose of Microsoft Defender for Endpoint?

  • a. To provide data backup and recovery solutions
  • b. To provide network security
  • c. To provide threat protection for endpoints
  • d. To provide virtual machine management

Answer: c. To provide threat protection for endpoints

Explanation: Microsoft Defender for Endpoint is a solution that provides threat protection for endpoints such as computers and mobile devices. It uses machine learning and other advanced security technologies to protect against threats such as viruses, malware, and unauthorized access.

Reference: https://docs.microsoft.com/en-us/microsoft-365/security/microsoft-defender/microsoft-defender-for-endpoint

What is the purpose of Microsoft Defender for Office 365?

  • a. To provide data backup and recovery solutions
  • b. To provide network security
  • c. To protect against threats to email and collaboration tools
  • d. To provide virtual machine management

Answer: c. To protect against threats to email and collaboration tools

Explanation: Microsoft Defender for Office 365 is a solution that helps protect against threats to email and collaboration tools such as Exchange Online and SharePoint Online. It uses machine learning and other security technologies to protect against email-based threats such as phishing and malware.

Reference: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/microsoft-defender-for-office-365

What is the purpose of Azure AD Premium P2?

  • a. To provide data backup and recovery solutions
  • b. To provide network security
  • c. To provide advanced identity and access management features
  • d. To provide virtual machine management

Answer: c. To provide advanced identity and access management features

Explanation: Azure AD Premium P2 is a version of Azure Active Directory that provides advanced identity and access management features, such as multi-factor authentication, access reviews, and identity protection. These features help organizations to meet their security and compliance requirements.

Reference: https://azure.microsoft.com/en-us/pricing/details/active-directory/

Basic Sample Questions

Question 1As the first line of defense against cyber threats, what feature of Microsoft Defender for Endpoint reduces the attack surface?
  • A. automated remediation
  • B. automated investigation
  • C. advanced hunting
  • D. network protection

Correct Answer: D

Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide

Question 2What score is used to assess an organization’s progress when it comes to reducing the risks associated with data protection and regulatory compliance?
  • A. Microsoft Secure Score
  • B. Productivity Score
  • C. Secure score in Azure Security Center
  • D. Compliance score

Correct Answer: D

Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide

https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365-worldwide

Question 3In order to provide real-time integration between Azure Sentinel and another security source, what do you use?
  • A. Azure AD Connect
  • B. a Log Analytics workspace
  • C. Azure Information Protection
  • D. a connector

Correct Answer: D

Reference: https://docs.microsoft.com/en-us/azure/sentinel/overview

Question 4In which Microsoft portal can you find information about how Microsoft cloud services are compliant with regulatory standards, such as International Organization for Standardization (ISO)?
  • A. the Microsoft Endpoint Manager admin center
  • B. Azure Cost Management + Billing
  • C. Microsoft Service Trust Portal
  • D. the Azure Active Directory admin center

Correct Answer: C

Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide

Question 5Microsoft is solely responsible for what in the shared responsibility model for an Azure deployment?
  • A. managing mobile devices
  • B. permissions for the user data stored in Azure
  • C. creating and managing user accounts
  • D. managing the physical hardware

Correct Answer: D

Question 6Which two of the given types of resources are protected by using Azure Firewall?
  • A. Azure virtual machines
  • B. Azure Active Directory (Azure AD) users
  • C. Microsoft Exchange Online inboxes
  • D. Azure virtual networks
  • E. Microsoft SharePoint Online sites

Correct Answer: DE

Question 7Implementing a security strategy and setting up multiple layers of defense throughout a network infrastructure is on your list of to-dos. Which of the following security methodology does this represent?
  • A. threat modeling
  • B. identity as the security perimeter
  • C. defense in depth
  • D. the shared responsibility model

Correct Answer: C

Reference: https://docs.microsoft.com/en-us/learn/modules/secure-network-connectivity-azure/2-what-is-defense-in-depth

Question 8Is there a tool available for scanning email attachments and forwarding them only if they’re malware-free?
  • A. Microsoft Defender for Office 365
  • B. Microsoft Defender Antivirus
  • C. Microsoft Defender for Identity
  • D. Microsoft Defender for Endpoint

Correct Answer: A

Reference: https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service-description

Question 9Azure Sentinel provides extended detection and response (XDR) capabilities through which feature?
  • A. integration with the Microsoft 365 compliance center
  • B. support for threat hunting
  • C. integration with Microsoft 365 Defender
  • D. support for Azure Monitor Workbooks

Correct Answer: C

Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender/eval-overview?view=o365-worldwide

Question 10What threat detection methods can you use with Azure SQL Managed Instances?
  • A. Microsoft Secure Score
  • B. application security groups
  • C. Microsoft Defender for Cloud
  • D. Azure Bastion

Correct Answer: C

Question 11Microsoft Intune-managed devices cannot access corporate resources through which Azure Active Directory feature?
  • A. network security groups (NSGs)
  • B. Azure AD Privileged Identity Management (PIM)
  • C. conditional access policies
  • D. resource locks

Correct Answer: C

Question 12What are the two phases that precede the Ready phase in the Microsoft Cloud Adoption Framework for Azure?
  • A. Plan
  • B. Manage
  • C. Adopt
  • D. Govern
  • E. Define Strategy

Correct Answer: AE

Reference: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/overview

Question 13HOTSPOT – Choose Yes if the statement is true for each. If not, select No.
Hot Area:
Statements Yes/No
Applying system updates increases an organization’s secure score in Microsoft Defender for Cloud
The secure score in Microsoft Defender for Cloud can evaluate resources across multiple azure subscriptions
Enabling multi-factor authentication (MFA) increases an organization’s secure score in Microsoft Defender for Cloud

Correct Answer:

Statements Yes/No
Applying system updates increase an organization’s secure score in Microsoft Defender for CloudYes
The secure score in Microsoft Defender for Cloud can evaluate resources across multiple azure subscriptionsYes 
Enabling multi-factor authentication (MFA) increases an organization’s secure score in Microsoft Defender for CloudYes 

Reference: https://docs.microsoft.com/en-us/azure/security-center/secure-score-security-controls

Question 14HOTSPOT – Choose Yes if the statement is true for each. If not, select No.
Hot Area:
Statements Yes/No
All Azure Active Directory (Azure AD) license editions include the same features
You can manage an Azure Active Directory (Azure AD) tenant by using the Azure portal
You must deploy Azure virtual machines to host an Azure Active Directory (Azure AD) tenant

Correct Answer:

Statements Yes/No
All Azure Active Directory (Azure AD) license editions include the same featuresNO
You can manage an Azure Active Directory (Azure AD) tenant by using the Azure portalYES
You must deploy Azure virtual machines to host an Azure Active Directory (Azure AD) tenantNO
Question 15HOTSPOT – Select the answer that correctly completes the sentence.
Hot Area:
Azure blueprints Provides best practices from Microsft employees, partners, and customers, including tools and guidance to assist in an Azure deployment
Azure policy
The Microsoft Cloud Adoption Framework for Azure
A resource lock

Correct Answer: 

Azure blueprints Provides best practices from Microsft employees, partners, and customers, including tools and guidance to assist in an Azure deployment
Azure policy
The Microsoft Cloud Adoption Framework for Azure
A resource lock

Reference: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/get-started/

Question 16HOTSPOT – Select the answer that correctly completes the sentence.
Hot Area:
Customer lockboxIs used to identify, hold, and export electronic information that might be used in an investigation
Data loss prevention (DLP)
eDiscovery
A resource lock

Correct Answer:

Customer lockboxIs used to identify, hold, and export electronic information that might be used in an investigation
Data loss prevention (DLP)
eDiscovery
A resource lock

Reference: https://docs.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-overview

Question 17HOTSPOT – Select the answer that correctly completes the sentence.
Hot Area:
Federation is used to establishbetween organizations
Multi-factor authentication (MFA)
A trust relationship
User account synchronization
A VPN connection

Correct Answer:

Federation is used to establishbetween organizations
Multi-factor authentication (MFA)
A trust relationship
User account synchronization
A VPN connection

Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed

Question 18HOTSPOT – Select the answer that correctly completes the sentence.
Hot Area:
Statements Yes/No 
Verify explicitly is one of the guiding principles of Zero Trust
Assume breach is on the guiding principles of Zero Trust
The Zero Trust security model assumes that a firewall secures the internal network from external threats

Correct Answer:

Statements Yes/No 
Verify explicitly is one of the guiding principles of Zero TrustYES
Assume breach is on the guiding principles of Zero TrustYES
The Zero Trust security model assumes that a firewall secures the internal network from external threatsNO

Reference: https://docs.microsoft.com/en-us/security/zero-trust/

Question 19HOTSPOT – Select the answer that correctly completes the sentence.
Hot Area:
StatementsYes/No 
Control is a key privacy principle of Microsoft
Transparency is a key privacy principle of Microsoft
Shares responsibility is key privacy of Microsoft

Correct Answer:

StatementsYes/No 
Control is a key privacy principle of MicrosoftYES
Transparency is a key privacy principle of MicrosoftYES
Shares responsibility is key privacy of MicrosoftNO
Question 20HOTSPOT – Select the answer that correctly completes the sentence.
Hot Area:
a file makes the data in the file readable and usable to viewers that have the appropriate key
Archiving
Compressing
Deduplicating
Encrypting

Correct Answer:

a file makes the data in the file readable and usable to viewers that have the appropriate key
Archiving
Compressing 
Deduplicating 
Encrypting 
Menu