Microsoft Security, Compliance, and Identity Fundamentals · Difficulty

Medium SC-900 practice questions

Applied — put a concept to work in a realistic situation. 137 medium questions available — no sign-up, always free.

Question 1 of 25

A compliance officer at Contoso needs to ensure that members of a sensitive project group are periodically re-evaluated so that people who no longer need access are removed. The officer wants group owners to attest to each member's continued need for access on a recurring basis. Which Microsoft Entra capability should be used?

Reviewed for accuracy · Report an issue
Question 2 of 25

A user at Contoso enters their username and password to sign in to a company portal. After signing in successfully, the system checks whether the user is permitted to open the HR salary reports. Which security concept is being applied when the system determines what the user is allowed to access after sign-in?

Reviewed for accuracy · Report an issue
Question 3 of 25

A company hosts several virtual machines in Azure. The security team wants administrators to connect to these VMs using RDP and SSH securely through the Azure portal, without exposing the VMs to the public internet by assigning them public IP addresses. Which Azure service should they deploy?

Reviewed for accuracy · Report an issue
Question 4 of 25

A company hosts a public-facing web application on Azure virtual machines behind a public IP address. During a recent event, the application became unreachable because it was flooded with a massive volume of traffic from thousands of sources, overwhelming the network bandwidth. Which Azure service is specifically designed to detect and mitigate this type of volumetric network attack?

Reviewed for accuracy · Report an issue
Question 5 of 25

A company routes all outbound internet traffic from its Azure virtual networks through Azure Firewall. The security team wants the firewall to automatically alert on and block traffic to and from IP addresses and domains that Microsoft has identified as malicious, without manually maintaining any address lists. Which Azure Firewall capability should they enable?

Reviewed for accuracy · Report an issue
Question 6 of 25

A company runs several virtual machines in an Azure virtual network. The security team needs to control outbound traffic by allowing connections only to a specific list of fully qualified domain names (FQDNs), such as *.contoso-updates.com, while centrally logging all traffic decisions across the network. Which Azure service should they deploy?

Reviewed for accuracy · Report an issue
Question 7 of 25

A compliance auditor asks a company that runs all of its workloads in Microsoft Azure who is responsible for the physical security of the datacenters, including guards, fencing, and hardware disposal. Under the shared responsibility model, which party holds this responsibility regardless of whether the workload is IaaS, PaaS, or SaaS?

Reviewed for accuracy · Report an issue
Question 8 of 25

A security administrator notices that several sign-ins to Microsoft 365 are occurring through older email clients that do not support modern authentication, and these clients cannot enforce multi-factor authentication. The administrator wants to automatically block these legacy authentication attempts across the organization based on signals like the client app being used. Which Microsoft Entra capability should the administrator configure?

Reviewed for accuracy · Report an issue
Question 9 of 25

A retail company uses dozens of SaaS applications, including Microsoft 365 and several third-party cloud services. The security team wants a solution that acts as a broker between users and cloud apps to provide deep visibility into cloud app usage, enforce data protection policies on sanctioned apps, and detect anomalous activity such as impossible travel. Which Microsoft Defender XDR service should they use?

Reviewed for accuracy · Report an issue
Question 10 of 25

A security team wants to prevent users from downloading sensitive files to unmanaged personal devices while still allowing them to view those files in cloud apps like SharePoint Online through the browser. Which Microsoft solution provides this real-time session monitoring and control over user activity within cloud apps?

Reviewed for accuracy · Report an issue
Question 11 of 25

A security analyst at a manufacturing company notices that employees are uploading corporate data to a variety of unsanctioned cloud storage services. Leadership wants to discover which cloud apps are being used across the organization, assess the risk level of each app, and control access to non-compliant apps. Which Microsoft Defender XDR service should the analyst use?

Reviewed for accuracy · Report an issue
Question 12 of 25

A security team has approved several SaaS applications for company use, including Salesforce and Box. They are worried about detecting suspicious behavior inside these sanctioned apps, such as impossible-travel logins and mass file downloads by a single user. Which Microsoft Defender XDR service is designed to monitor and detect these kinds of anomalous activities within cloud applications?

Reviewed for accuracy · Report an issue
Question 13 of 25

A cloud operations team has deployed dozens of resources across an Azure subscription and is concerned about insecure configurations, such as storage accounts that allow public access and virtual machines missing endpoint protection. They want a tool that continuously assesses these resources against security best practices and provides prioritized recommendations to reduce their attack surface. Which capability should they use?

Reviewed for accuracy · Report an issue
Question 14 of 25

A cloud operations team has just connected an Azure subscription to Microsoft Defender for Cloud. They want to immediately begin receiving security posture recommendations and a secure score across their resources at no additional cost, before deciding whether to invest in advanced workload protection. Which capability of Defender for Cloud is available to them by default without enabling a paid plan?

Reviewed for accuracy · Report an issue
Question 15 of 25

A company runs several Linux and Windows virtual machines in Azure that host business-critical applications. The security team wants a solution that provides runtime threat protection for these server workloads, alerting them to suspicious processes, brute-force login attempts, and malware on the VMs. Which capability should they enable?

Reviewed for accuracy · Report an issue
Question 16 of 25

A company runs several virtual machines in Azure that administrators occasionally need to connect to over RDP and SSH. The security team wants to reduce the exposure of these management ports by keeping them closed by default and only opening them to a requesting administrator's IP address for a limited time window, with the requests logged for auditing. Which Microsoft Defender for Cloud capability should they enable?

Reviewed for accuracy · Report an issue
Question 17 of 25

A company runs production workloads across Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). The security team wants a single Microsoft solution that continuously assesses the security posture of resources in all three clouds, provides security recommendations, and produces a unified secure score. Which solution should they use?

Reviewed for accuracy · Report an issue
Question 18 of 25

A company runs production workloads across Azure, AWS, and on-premises virtual machines. The security team wants a single Microsoft solution that continuously assesses security posture, provides configuration hardening recommendations, and protects the running workloads across all of these environments. Which Microsoft solution should they use?

Reviewed for accuracy · Report an issue
Question 19 of 25

A cloud operations team wants a single dashboard that continuously assesses the security configuration of their Azure subscriptions, identifies misconfigurations such as storage accounts without encryption, and provides a prioritized numeric measurement they can track over time to improve their overall security state. Which Microsoft capability should they use?

Reviewed for accuracy · Report an issue
Question 20 of 25

A company running virtual machines, SQL databases, and storage accounts in Azure wants a single tool that continuously assesses resources against the PCI DSS and ISO 27001 standards, showing which controls are met and which need remediation through a built-in dashboard. Which Microsoft solution provides this regulatory compliance dashboard?

Reviewed for accuracy · Report an issue
Question 21 of 25

A security administrator wants to reduce the ways malware can compromise Windows devices by blocking risky behaviors such as Office applications creating executable content and scripts launching downloaded executables. Which Microsoft Defender for Endpoint capability is specifically designed to minimize these exploitable behaviors?

Reviewed for accuracy · Report an issue
Question 22 of 25

A security operations team is overwhelmed by the volume of low-level malware alerts on managed Windows devices. They want a capability within Microsoft Defender for Endpoint that can automatically investigate these alerts, determine whether a threat is real, and take remediation actions such as quarantining files without waiting for an analyst. Which Defender for Endpoint capability meets this need?

Reviewed for accuracy · Report an issue
Question 23 of 25

A security analyst notices that a company workstation, already infected with malware that bypassed the initial antivirus, is exhibiting suspicious behaviors such as lateral movement attempts and unusual process injection. The team wants a Microsoft Defender XDR service that provides endpoint detection and response (EDR) capabilities to detect, investigate, and respond to these advanced post-breach activities on the device. Which service should they use?

Reviewed for accuracy · Report an issue
Question 24 of 25

A security team wants to detect, investigate, and automatically respond to advanced threats such as malware and fileless attacks on the organization's Windows laptops and servers. They need endpoint detection and response (EDR) capabilities across these managed devices. Which Microsoft Defender XDR service should they deploy?

Reviewed for accuracy · Report an issue
Question 25 of 25

A security operations team wants a single portal where analysts can investigate an alert that spans a compromised user mailbox, a suspicious sign-in, and a malicious file that executed on a laptop — and see these signals automatically correlated into one incident. Which Microsoft solution provides this unified, correlated incident view across email, identity, and endpoint signals?

Reviewed for accuracy · Report an issue