This PDF contains a set of carefully selected practice questions for the

SC-900 exam. These questions are designed to reflect the structure,

difficulty, and topics covered in the actual exam, helping you reinforce
your understanding and identify areas for improvement.

What's Inside:

1. Topic-focused questions based on the latest exam objectives

2. Accurate answer keys to support self-review
3. Designed to simulate the real test environment
4. Ideal for final review or daily practice

Important Note:

This material is for personal study purposes only. Please do not

redistribute or use for commercial purposes without permission.

For full access to the complete question bank and topic-wise explanations, visit:
CertQuestionsBank.com

Our YouTube: https://www.youtube.com/@CertQuestionsBank

FB page: https://www.facebook.com/certquestionsbank
Share some SC-900 exam online questions below.
1.Which three tasks can be performed by using Azure Active Directory (Azure AD) Identity
Protection? Each correct answer presents a complete solution. NOTE: Each correct selection is worth
one point.
A. Configure external access for partner organizations.
B. Export risk detection to third-party utilities.
C. Automate the detection and remediation of identity based-risks.
D. Investigate risks that relate to user authentication.
E. Create and automatically assign sensitivity labels to data.
Answer: B, C, D

2.In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for
managing?
A. the management of mobile devices
B. the permissions for the user data stored in Azure
C. the creation and management of user accounts
D. the management of the physical hardware
Answer: D

3. Select Save preferences.

How it works
Microsoft Secure Score for Devices currently supports configurations set via Group Policy. Due to the
current partial Intune support, configurations which might have been set through Intune might show
up as misconfigured. Contact your IT Administrator to verify the actual configuration status in case
your organization is using Intune for secure configuration management.
The data in the Microsoft Secure Score for Devices card is the product of meticulous and ongoing
vulnerability discovery process.
It is aggregated with configuration discovery assessments that continuously:
? Compare collected configurations to the collected benchmarks to discover misconfigured assets
? Map configurations to vulnerabilities that can be remediated or partially remediated (risk reduction)
? Collect and maintain best practice configuration benchmarks (vendors, security feeds, internal
research teams)
? Collect and monitor changes of security control configuration state from all assets

4.DRAG DROP
Match the Microsoft 365 insider risk management workflow step to the appropriate task.
To answer, drag the appropriate step from the column on the left to its task on the right. Each step
may be used once, more than once, or not at all. NOTE: Each correct match is worth one point.
Answer:

Explanation:
Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-
management?view=o365-worldwide

5.HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:
Each correct selection is worth one point.

Answer:
6.HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:
Each correct selection is worth one point

Answer:

7.Which two Azure resources can a network security group (NSG) be associated with? Each correct
answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. a network interface
B. an Azure App Service web app
C. a virtual network
D. a virtual network subnet
E. a resource group
Answer: A, D
You can use an Azure network security group to filter network traffic to and from Azure resources in
an Azure virtual network. A network security group contains security rules that allow or deny inbound
network traffic to, or outbound network traffic from, several types of Azure resources.

8.What are two reasons to deploy multiple virtual networks instead of using just one virtual network?
Each correct answer presents a complete solution. NOTE; Each correct selection is worth one point.
A. to separate the resources for budgeting
B. to meet Governance policies
C. to isolate the resources
D. to connect multiple types of resources
Answer: B, C

9.HOTSPOT
Select the answer that correctly completes the sentence.

Answer:

Explanation:
Microsoft Defender for Identity is a cloud-based security solution that leverages your on-premises
Active Directory signals to identify, detect, and investigate advanced threats, compromised identities,
and malicious insider actions directed at your organization.
Reference: https://docs.microsoft.com/en-us/defender-for-identity/what-is

10.HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:
Each correct selection is worth one point.
Answer:

Explanation:
Box 1: No
Box 2: Yes
Leaked Credentials indicates that the user's valid credentials have been leaked.
Box 3: Yes
Multi-Factor Authentication can be required based on conditions, one of which is user risk.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-
risks
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-risk-based-sspr-mfa

11.HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:
Each correct selection is worth one point.
Answer:

12.You need to connect to an Azure virtual machine by using Azure Bastion.

What should you use?
A. an SSH client
B. PowerShell remoting
C. the Azure portal
D. the Remote Desktop Connection client
Answer: D

13.HOTSPOT
Select the answer that correctly completes the sentence.

Answer:
Explanation:
When you register an application through the Azure portal, an application object and service principal
are automatically created in your home directory or tenant.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-
principal-portal

14.HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:
Each correct selection is worth one point.

Answer:

15.HOTSPOT
Select the answer that correctly completes the sentence.
Answer:

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview

16.What should you use to ensure that the members of an Azure Active Directory group use multi-
factor authentication (MFA) when they sign in?
A. Azure Active Directory (Azure AD) Identity Protection
B. a conditional access policy
C. Azure role-based access control (Azure RBAC)
D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
Answer: B
Explanation:
The recommended way to enable and use Azure AD Multi-Factor Authentication is with Conditional
Access policies. Conditional Access lets you create and define policies that react to sign-in events
and that request additional actions before a user is granted access to an application or service.

17.Which Microsoft 365 feature can you use to restrict users from sending email messages that
contain lists of customers and their associated credit card numbers?
A. retention policies
B. data loss prevention (DLP) policies
C. conditional access policies
D. information barriers
Answer: B
Explanation:
Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-
dlp?view=o365-worldwide

18.HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:
Each correct selection is worth one point.
Answer:

19.HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:
Each correct selection is worth one point.

Answer:
Explanation:
Box 1: No
Compliance Manager tracks Microsoft managed controls, customer-managed controls, and shared
controls.
Box 2: Yes
Box 3: Yes
Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-
manager?view=o365-worldwide

20.DRAG DROP
Match the types of compliance score actions to the appropriate tasks.
To answer. drag the appropriate action type from the column on the left to its task on the right. Each
type may be used once. more than once, or not at all. NOTE: Each correct match is worth one point.

Answer:

21.What feature in Microsoft Defender for Endpoint provides the first line of defense against
cyberthreats by reducing the attack surface?
A. automated remediation
B. automated investigation
C. advanced hunting
D. network protection
Answer: D
Explanation:
Network protection helps protect devices from Internet-based events. Network protection is an attack
surface reduction capability.
Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-
protection?view=o365-worldwide

22.Which feature provides the extended detection and response (XDR) capability of Azure Sentinel?
A. integration with the Microsoft 365 compliance center
B. support for threat hunting
C. integration with Microsoft 365 Defender
D. support for Azure Monitor Workbooks
Answer: C
Explanation:
Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender/eval-
overview?view=o365-worldwide

23.HOTSPOT
Select the answer that correctly completes the sentence.

Answer:

Explanation:
Reference: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/get-started/

24.HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:
Each correct selection is worth one point.
Answer:

Explanation:
Box 1: No
Advanced Audit helps organizations to conduct forensic and compliance investigations by increasing
audit log retention.
Box 2: No
Box 3: Yes
Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-
audit?view=o365-worldwide

25.When you enable Azure AD Multi-Factor Authentication (MFA), how many factors are required for
authentication?
A. 1
B. 2
C. 3
D. 4
Answer: B

26. Scroll down to Microsoft Secure Score and toggle the setting to On.

27.Which compliance feature should you use to identify documents that are employee resumes?
A. pre-trained classifiers
B. Content explorer
C. Activity explorer
D. eDiscovery
Answer: A
28.HOTSPOT
Which service should you use to view your Azure secure score? To answer, select the appropriate
service in the answer area.

Answer:

Explanation:
Security Center
Reference: https://docs.microsoft.com/en-us/azure/security-center/secure-score-access-and-track

29.You need to keep a copy of all files in a Microsoft SharePoint site for one year, even if users delete
the files from the site.
 What should you apply to the site?
A. a data loss prevention (DLP) policy
B. a retention policy
C. an insider risk policy
D. a sensitivity label policy
Answer: A

30.HOTSPOT
Select the answer that correctly completes the sentence.

Answer:

Explanation:
Compliance score

Get SC-900 exam dumps full version.

Powered by TCPDF (www.tcpdf.org)