Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Palo Alto Networks
Salesforce
SAP
All Vendors
  1. Home
  2. Microsoft
  3. SC-900

Microsoft SC-900 Exam (page: 5)
Microsoft Security, Compliance, and Identity Fundamentals
Updated on: 28-Jul-2025

Viewing Page 5 of 30
SC-900 PDF 226 Questions

HOTSPOT (Drag and Drop is not supported)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Yes
Authorization is the security process that determines a user or service's level of access.
Box 2: Yes
Authentication (AuthN) is a process that verifies that someone or something is who they say they are. Box 3: No


Reference:

https://www.onelogin.com/learn/authentication-vs-authorization



HOTSPOT (Drag and Drop is not supported)
Select the answer that correctly completes the sentence.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box: federation
Using your company credentials to access a partner company's resources require a      solution between the two companies.
Manage B2B collaboration with other organizations
B2B collaboration is enabled by default, but comprehensive admin settings let you control your inbound and outbound B2B collaboration with external partners and organizations.
*-> Cross-tenant access settings. For B2B collaboration with other Microsoft Entra organizations, use cross- tenant access settings to control which users can authenticate with which resources. Manage inbound and outbound B2B collaboration, and scope access to specific users, groups, and applications. Set a default configuration that applies to all external organizations, and then create individual, organization-specific settings as needed. Using cross-tenant access settings, you can also trust multifactor (MFA) and device claims (compliant claims and Microsoft Entra hybrid joined claims) from other Microsoft Entra organizations.
* External collaboration settings.
These settings are used to manage two different aspects of B2B collaboration. Cross-tenant access settings control whether users can authenticate with external Microsoft Entra tenants. They apply to both inbound and outbound B2B collaboration. By contrast, external collaboration settings control which users in your organization are allowed to send B2B collaboration invitations to guests from any organization.


Reference:

https://learn.microsoft.com/en-us/entra/external-id/what-is-b2b



HOTSPOT (Drag and Drop is not supported)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Yes
Asymmetric encryption uses a mathematically related pair of keys for encryption and decryption: a public key and a private key. If the public key is used for encryption, then the related private key is used for decryption. If the private key is used for encryption, then the related public key is used for decryption.
Box 2: No
Symmetric encryption uses the same key to perform both encryption and decryption functions. Symmetric encryption uses a shared private key while asymmetric encryption uses a public/private key pair. Another difference between asymmetric and symmetric encryption is the length of the keys.
Box 3: No
Hashing is on-way.
Decryption of a "hash" is impossible.


Reference:

https://www.techtarget.com/searchsecurity/definition/asymmetric-cryptography https://www.techtarget.com/searchsecurity/definition/asymmetric-cryptography



HOTSPOT (Drag and Drop is not supported)
Select the answer that correctly completes the sentence.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box: integrity
Data integrity is a concept and process that ensures the accuracy, completeness, consistency, and validity of an organization's data. By following the process, organizations not only ensure the integrity of the data but guarantee they have accurate and correct data in their database.


Reference:

https://www.fortinet.com/resources/cyberglossary/data-integrity



HOTSPOT (Drag and Drop is not supported)
Select the answer that correctly completes the sentence.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Compliance Manager
Microsoft also offers a set of integrated solutions that leverage AI to help improve data protection capabilities and overall compliance posture. Compliance Manager enables you to manage your compliance activities in a single dashboard and provides three key capabilities:
Risk assessment: The tool helps you track, assign, and verify your organization's regulatory compliance activities related to Microsoft Cloud services. With a single dashboard, you can see multiple assessments and measure the compliance performance for a cloud service against a regulation or a standard (Ex- ISO 27001, ISO 27018, FedRAMP, NIST, GDPR)
* Etc.
Box: Assessments


Reference:

https://azure.microsoft.com/en-us/blog/azure-resources-to-assess-risk-and-compliance/



HOTSPOT (Drag and Drop is not supported)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: No
Software as a service is a method for delivering software applications over the internet, on demand, and typically on a subscription basis. With SaaS, cloud providers host and manage the software application and underlying infrastructure. These providers also handle any maintenance, like software upgrades and security patching. Users connect to the application over the internet, usually with a web browser on their phone, tablet, or PC.
Box 2: Yes
IaaS lets you bypass the cost and complexity of buying and managing physical servers and datacenter infrastructure. Each resource is offered as a separate service component, and you only pay for a particular resource for as long as you need it. A cloud computing service provider like Azure manages the infrastructure, while you purchase, install, configure, and manage your own software—including operating systems, middleware, and applications.
Box 3: No
With the appropriate service agreement, a cloud service provider can offer better security for your applications and data than the security you would attain in house.


Reference:

https://azure.microsoft.com/en-ca/resources/cloud-computing-dictionary/what-is-iaas/



What should you use to associate the same identity to more than one Azure virtual machine?

  1. a Microsoft Entra user account
  2. a user-assigned managed identity
  3. a system-assigned managed identity
  4. a Microsoft Entra security group

Answer(s): B

Explanation:

When using a user-assigned managed identity, you assign the managed identity to the "source" Azure Resource, such as a Virtual Machine, Azure Logic App or an Azure Web App.
What should you use to associate the same identity to more than one Azure virtual machine? User assigned managed identities can be used on more than one resource.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview



HOTSPOT (Drag and Drop is not supported)
Select the answer that correctly completes the sentence.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box: federation
What provides SSO capabilities across multiple identity providers?
Federation - When you set up SSO to work between multiple identity providers, it's called federation. An SSO implementation based on federation protocols improves security, reliability, end-user experiences, and implementation.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on



Viewing Page 5 of 30



Share your comments for Microsoft SC-900 exam with other users:

Greg 11/16/2023 6:59:00 AM

hope for the best
UNITED STATES


zazza 6/16/2023 9:08:00 AM

question 21 answer is alerts
ITALY


Synt 5/23/2023 9:33:00 PM

need to view
UNITED STATES


zazza 6/16/2023 10:47:00 AM

question 44 answer is user risk
ITALY