Microsoft SC-900 Exam (page: 4)
Microsoft Security, Compliance, and Identity Fundamentals
Updated on: 28-Jul-2025

Viewing Page 4 of 30

HOTSPOT (Drag and Drop is not supported)
Select the answer that correctly completes the sentence.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Sign in to Compliance Manager
1. Go to the Microsoft Purview compliance portal and sign in with your Microsoft 365 global administrator account.
2. Select Compliance Manager on the left navigation pane. You'll arrive at your Compliance Manager dashboard.
The direct link to access Compliance Manager is https://compliance.microsoft.com/compliancemanager
Note: Microsoft 365 compliance is now called Microsoft Purview and the solutions within the compliance area have been rebranded.


Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-setup



HOTSPOT (Drag and Drop is not supported)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Yes
Microsoft Secure Score has updated improvement actions to support security defaults in Microsoft Entra ID, which make it easier to help protect your organization with pre-configured security settings for common attacks.
If you turn on security defaults, you'll be awarded full points for the following improvement actions:
Ensure all users can complete multi-factor authentication for secure access (9 points)
Require MFA for administrative roles (10 points)
Enable policy to block legacy authentication (7 points)
Box 2: Yes
Each improvement action is worth 10 points or less, and most are scored in a binary fashion. If you implement the improvement action, like create a new policy or turn on a specific setting, you get 100% of the points. For other improvement actions, points are given as a percentage of the total configuration.
Note: Following the Secure Score recommendations can protect your organization from threats. From a centralized dashboard in the Microsoft 365 Defender portal, organizations can monitor and work on the security of their Microsoft 365 identities, apps, and devices.
Box 3: Yes
Microsoft Secure Score is a measurement of an organization's security posture, with a higher number indicating more improvement actions taken.


Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender/microsoft-secure-score



Which compliance feature should you use to identify documents that are employee resumes?

  1. pre-trained classifiers
  2. Activity explorer
  3. eDiscovery
  4. Content explorer

Answer(s): A

Explanation:

Microsoft Information Protection - Trainable Classifiers
Leverage user-friendly, pre-trained or trainable Machine Learning classifiers to identify various types of content in your organization.
Microsoft provides a list of classifiers which are pre-trained (based on sample documents like Legal, Finance, Manufacturing, Supply Chain etc.) and use Machine Learning to identify the classification of the documents in user-configured target locations.
Incorrect:
Not B: How is activity explorer helpful to a compliance administrator?
Activity explorer provides a historical view of activities on your labeled content. The activity information is collected from the Microsoft 365 unified audit logs, transformed, and made available in the Activity explorer UI.
Creating a custom trainable classifier first involves giving it samples that are human picked and positively match the category.
Not C: Electronic discovery, or eDiscovery, is the process of identifying and delivering electronic information that can be used as evidence in legal cases.
Not D: Content explorer shows a current snapshot of the items that have a sensitivity label, a retention label or have been classified as a sensitive information type in your organization.


Reference:

https://www.infotechtion.com/post/microsoft-trainable-classifiers



DRAG DROP (Drag and Drop is not supported)
Match the pillars of Zero Trust to the appropriate requirements.
To answer, drag the appropriate pillar from the column on the left to its requirement on the right. Each pillar may be used once, more than once, or not at all.
NOTE: Each correct match is worth one point.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Networks
Ensure devices and users aren’t trusted just because they’re on an internal network. Encrypt all internal communications, limit access by policy, and employ microsegmentation and real-time threat detection.
Box 2: Identities
Verify and secure each identity with strong authentication across your entire digital estate.
Box 3: Data
Move from perimeter-based data protection to data-driven protection. Use intelligence to classify and label data. Encrypt and restrict access based on organizational policies.


Reference:

https://www.microsoft.com/en-us/security/business/zero-trust



DRAG DROP (Drag and Drop is not supported)
Match the types of compliance score actions to the appropriate tasks.
To answer, drag the appropriate action type from the column on the left to its task on the right. Each type may be used once, more than once, or not at all.
NOTE: Each correct match is worth one point.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Preventative
Preventative actions address specific risks. For example, protecting information at rest using encryption is a preventative action against attacks and breaches. Separation of duties is a preventative action to manage conflict of interest and guard against fraud.
Box 2: Detective
Detective actions actively monitor systems to identify irregular conditions or behaviors that represent risk, or that can be used to detect intrusions or breaches. Examples include system access auditing and privileged administrative actions. Regulatory compliance audits are a type of detective action used to find process issues.
Incorrect:
Corrective actions try to keep the adverse effects of a security incident to a minimum, take corrective action to reduce the immediate effect, and reverse the damage if possible. Privacy incident response is a corrective action to limit damage and restore systems to an operational state after a breach.


Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365-worldwide



Which pillar of identity relates to tracking the resources accessed by a user?

  1. authorization
  2. auditing
  3. administration
  4. authentication

Answer(s): B

Explanation:

Audit logs in Microsoft Entra ID
As an IT administrator, you want to know how your IT environment is doing. The information about your system’s health enables you to assess whether and how you need to respond to potential issues.
To support you with this goal, the Microsoft Entra portal gives you access to three activity logs:
Sign-ins – Information about sign-ins and how your resources are used by your users.
Audit – Information about changes applied to your tenant such as users and group management or updates applied to your tenant’s resources.
Provisioning – Activities performed by the provisioning service, such as the creation of a group in ServiceNow or a user imported from Workday.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-audit-logs



What can be created in Active Directory Domain Services (AD DS)?

  1. line-of-business (LOB) applications that require modern authentication
  2. computer accounts
  3. software as a service (SaaS) applications that require modern authentication
  4. mobile devices

Answer(s): B

Explanation:

What is a computer account in Active Directory?
A computer account represents your desktop or laptop computer to the Active Directory.


Reference:

https://commons.lbl.gov/display/itfaq/Active+Directory



HOTSPOT (Drag and Drop is not supported)
Select the answer that correctly completes the sentence.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Authentication
What is the difference between authentication and authorization in Azure?
In simple terms, authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to.


Reference:

https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization






Share your comments for Microsoft SC-900 exam with other users:

Greg 11/16/2023 6:59:00 AM

hope for the best
UNITED STATES


zazza 6/16/2023 9:08:00 AM

question 21 answer is alerts
ITALY


Synt 5/23/2023 9:33:00 PM

need to view
UNITED STATES


zazza 6/16/2023 10:47:00 AM

question 44 answer is user risk
ITALY