Easy SC-900 practice questions
Direct recall — confirm you know the core facts and definitions. 14 easy questions available — no sign-up, always free.
A company runs all of its user accounts and computers on servers located in its own data center. The IT team uses a Windows Server role that stores account information and lets employees sign in to domain-joined desktops on the corporate network. The company has not extended any of this to cloud services. Which technology are they using?
A development team currently hardcodes API keys, database connection strings, and TLS certificates directly into application configuration files stored in a code repository. Security auditors flagged this practice as a major risk. The team wants an Azure service that centrally stores these secrets and certificates, controls access through policies, and lets applications retrieve them at runtime without embedding them in code. Which Azure service should they use?
A security operations team currently switches between separate consoles to review email threats, endpoint alerts, identity anomalies, and cloud app activity. They want a single web portal where all Microsoft Defender XDR signals are consolidated and analysts can investigate correlated incidents from one place. Which resource should they use?
Contoso runs an on-premises Active Directory Domain Services environment and has just adopted Microsoft 365. The IT team wants employees to use the same username and password for both on-premises resources and cloud apps, and they want on-premises identities automatically synchronized to Microsoft Entra ID. Which solution should they deploy to achieve this hybrid identity synchronization?
A cloud administrator at Contoso is documenting the different identity types in their Microsoft Entra ID tenant. They need to identify which identity type represents a physical person who signs in interactively to access company resources such as email and SharePoint. Which identity type should the administrator document for these interactive human sign-ins?
A company wants to reduce the number of helpdesk tickets caused by users forgetting their passwords. They want employees to be able to securely reset their own passwords from any device without contacting IT support. Which Microsoft Entra ID capability should they enable?
A startup with no on-premises servers wants to create user accounts entirely in the cloud for its 40 employees. The IT manager needs an identity type that is created and managed directly in Microsoft Entra ID without any synchronization from a local directory. Which identity type meets this requirement?
A security operations team has deployed Microsoft Sentinel and now wants to bring in security logs from their Microsoft 365 services, Azure activity, and several third-party firewall appliances so the data can be analyzed and correlated in one place. Which Microsoft Sentinel capability should they configure first to ingest this telemetry?
A cloud administrator wants to control which inbound and outbound traffic is allowed to reach the virtual machines in a specific Azure subnet. They need a native, no-cost filtering mechanism that uses rules based on source and destination IP address, port, and protocol. Which Azure feature should they use?
A compliance officer at a healthcare company wants a single dashboard that shows their organization's current compliance posture as a numeric value, so leadership can quickly gauge risk at a glance and track progress over time. Which Microsoft Purview Compliance Manager feature provides this at-a-glance measurement of how well the organization is meeting compliance requirements?
A compliance officer opens Microsoft Purview Compliance Manager for the first time and wants a single numeric indicator that summarizes the organization's overall progress toward meeting data protection and regulatory requirements. Which element provides this at-a-glance measurement?
A newly hired compliance administrator needs a single, unified web-based location to configure sensitivity labels, review data loss prevention alerts, manage retention policies, and access Compliance Manager. Which tool should they use?
A compliance officer at a financial services company needs to obtain Microsoft's independent third-party audit reports, such as SOC 2 Type II and ISO 27001 certifications, to demonstrate to regulators that Microsoft's cloud services meet required standards. Which Microsoft resource should the officer use to access and download these documents?
An auditor at your company asks for Microsoft's independent, third-party audit certifications (such as SOC 1 and SOC 2 reports) to verify the security controls Microsoft applies to its cloud data centers. Which Microsoft resource should you use to obtain these documents?