Study Smarter for the SC-900 Exam with Our Free and Reliable SC-900 Exam Questions – Updated for 2025.

At Cert Empire, we are focused on delivering the most accurate and up-to-date exam questions for students preparing for the Microsoft SC-900 Exam. To make preparation easier, we’ve made parts of our SC-900 exam resources free for everyone. You can practice as much as you like with Free SC-900 Practice Test.

Get SC-900 Exam Dumps

Microsoft SC-900 Free Exam Questions

Disclaimer

Please keep a note that the demo questions are not frequently updated. You may as well find them in open communities around the web. However, this demo is only to depict what sort of questions you may find in our original files.

Nonetheless, the premium exam dumps files are frequently updated and are based on the latest exam syllabus and real exam questions.

1 / 60

What is a key benefit of Microsoft Information Protection (MIP)?

It enables organizations to classify, label, and protect sensitive data across Microsoft 365 and beyond

It provides automated spam filtering for Exchange Online

It restricts email forwarding in Microsoft Outlook

It blocks unauthorized access to SharePoint sites

2 / 60

Which of the following best describes the purpose of Microsoft Defender for Endpoint?

To encrypt all files stored in OneDrive

To protect against malware, ransomware, and other endpoint threats

To enforce compliance policies on cloud applications

To provide identity management for Microsoft 365 users

3 / 60

What is the primary purpose of Microsoft Purview Compliance Manager?

To encrypt emails sent through Microsoft Outlook

To scan and remove malware from SharePoint Online files

To analyze compliance risks and provide recommendations to improve regulatory adherence

To provide network firewall protection for Microsoft 365 services

4 / 60

A company is using Microsoft Entra ID (formerly Azure AD). What feature can help protect accounts from credential compromise?

Windows Firewall Rules

Conditional Access Policies

SharePoint Online Access Control

Microsoft Forms Security Settings

5 / 60

What role does Microsoft Sentinel play in an organization's security strategy?

It encrypts all user data stored in Microsoft 365

It replaces firewalls and endpoint protection software

It blocks all unauthorized logins to Microsoft services

It provides Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) capabilities

6 / 60

A company wants to implement Zero Trust principles. Which of the following is a key concept of Zero Trust?

Always granting full access to trusted devices

Using a single-layer firewall for network security

Relying solely on VPNs for secure remote access

Verifying identity, device, and access context before granting access

7 / 60

What is the primary function of Microsoft Defender for Cloud?

To protect on-premises servers from physical threats

To provide security recommendations and compliance insights for cloud resources

To manage user identities and access permissions across Microsoft 365

To monitor Microsoft Teams conversations for compliance violations

8 / 60

Which Microsoft Purview data classification type supports the use of regular expressions?

Fingerprint classifier

Trainable classifier

Exact data match (EDM)

Sensitive information types (SlTs)

9 / 60

What should you create to search and export content preserved in an eDiscovery hold?

A case

Azure Files

A Microsoft SharePoint Online site

A Microsoft Exchange Online public folder

10 / 60

What can you use to ensure that all the users in a specific group must use multi-factor authentication (MFA) to sign in to Azure AD?

Azure Policy

A user risk policy

A Conditional Access policy

A communication compliance policy

11 / 60

When you enable Azure AD Multi-Factor Authentication (MFA), how many factors are required for authentication?

12 / 60

You need to keep a copy of all files in a Microsoft SharePoint site for one year, even if users delete the files from the site. What should you apply to the site?

A retention policy

An insider risk policy

A sensitivity label policy

A data loss prevention (DLP) policy

13 / 60

You have an Azure subscription that contains multiple resources. You need to assess compliance and enforce standards for the existing resources. What should you use?

Azure Policy

Azure Blueprints

Microsoft Sentinel

The Anomaly Detector service

14 / 60

What can you use to provision Azure resources across multiple subscriptions in a consistent manner?

Azure Blueprints

Azure Policy

Microsoft Sentinel

Microsoft Defender for Cloud

15 / 60

What is an assessment in Compliance Manager?

A policy initiative that includes multiple policies

A grouping of controls from a specific regulation, standard or policy

A dictionary of words that are not allowed in company documents

Recommended guidance to help organizations align with their corporate standards

16 / 60

You plan to move resources to the cloud.
You are evaluating the use of Infrastructure as a service (laaS),
Platform as a service (PaaS), and Software as a service (SaaS) cloud models.
You plan to manage only the data, user accounts, and user devices for a cloud-based app.

Which cloud model will you use?

IaaS

SaaS

PaaS

17 / 60

You have an Azure subscription that contains a Log Analytics workspace. You need to onboard Microsoft Sentinel. What should you do first?

Connect to your security sources

Create a hunting query

Correlate alerts into incidents

Create a custom detection rule

18 / 60

Which portal contains the solution catalog?

Microsoft 365 admin center

Microsoft 365 Defender portal

Microsoft 365 Apps admin center

Microsoft Purview compliance portal

19 / 60

What are customers responsible for when evaluating security in a software as a service (SaaS) cloud services model?

Applications

Network controls

Operating systems

Accounts and identities

20 / 60

What can be created in Active Directory Domain Services (AD DS)?

Mob devices

Computer accounts

Line-of-business (106) applications that require modem authentication

Software as a service (SaaS) applications that require modem authentication

21 / 60

Which two types of devices can be managed by using Endpoint data loss prevention (Endpoint DLP)?

iOS, Android

Linux, Windows 11

macOS, iOS

Android, Linux

Windows 11, macOS

22 / 60

Which Microsoft Purview feature allows users to identify content that should be protected?

Insider Risks

eDiscovery

Sensitivity Labels

Data Loss prevention

23 / 60

What is a characteristic of a sensitivity label in Microsoft 365?

Encrypted

Persistent

Restricted to predefined categories

24 / 60

Which feature is included in Microsoft Entra ID Governance?

Identity Protection

Verifiable credentials

Permissions Management

Privileged Identity Management

25 / 60

Which two cards are available in the Microsoft 365 Defender portal?

Users at risk, Service Health

Devices at risk, Users at risk

Service Health, Compliance Score

Compliance Score, User Management

User Management, Devices at risk

26 / 60

Which Microsoft 365 compliance feature can you use to encrypt content automatically based on specific conditions?

Sensitivity labels

eDiscovery

Content Search

Retention policies

27 / 60

What can you protect by using the information protection solution in the Microsoft 365 compliance center?

Sensitive data from being exposed to unauthorized users

Files from malware and viruses

Users from phishing attempts

Computers from zero-day exploits

28 / 60

What can you specify in Microsoft 365 sensitivity labels?

Where to store files

Which watermark to add to files

How long files must be preserved

When to archive an email message

29 / 60

Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security?

Microsoft Support

Compliance Manager

Microsoft Service Trust Portal

Microsoft 365 compliance center

30 / 60

In a Core eDiscovery workflow, what should you do before you can search for content?

Run Express Analysis

Create an eDiscovery hold

Export and download results

Configure attorney-client privilege detection

31 / 60

Which Microsoft 365 feature can you use to restrict users from sending email messages that contain lists of customers and their associated credit card numbers?

Retention policies

Information barriers

Conditional access policies

Data loss prevention (DLP) policies

32 / 60

Which Microsoft 365 compliance center feature can you use to identify all the documents on a Microsoft SharePoint Online site that contain a specific key word?

Audit

Alerts

Content Search

Compliance Manager

33 / 60

What can you use to deploy Azure resources across multiple subscriptions in a consistent manner?

Azure Policy

Azure Blueprints

Microsoft Sentinel

Microsoft Defender for Cloud

34 / 60

What is a use case for implementing information barrier policies in Microsoft 365?

To restrict data sharing to external email recipients

To restrict unauthenticated access to Microsoft 365

To restrict Microsoft Teams chats between certain groups within an organization

To restrict Microsoft Exchange Online email between certain groups within an organization

35 / 60

Which type of alert can you manage from the Microsoft 365 Defender portal?

Microsoft Defender for Endpoint

Microsoft Defender for SQL

Microsoft Defender for IoT

Microsoft Defender for Storage

36 / 60

Which service includes the Attack simulation training feature?

Microsoft Defender for SQL

Microsoft Defender for Identity

Microsoft Defender for Office 365

Microsoft Defender for Cloud Apps

37 / 60

You need to connect to an Azure virtual machine by using Azure Bastion. What should you use?

An SSH client

The Azure portal

PowerShell remoting

The Remote Desktop Connection client

38 / 60

To which type of resource can Azure Bastion provide secure access?

Azure Files

Azure App Service

Azure virtual machines

Azure SQL Managed Instances

39 / 60

You have a Microsoft 365 E3 subscription. You plan to audit user activity by using the unified audit log and Basic Audit. For how long will the audit records be retained?

15 days

30 days

90 days

180 days

40 / 60

What should you use in the Microsoft 365 Defender portal to view security trends and track the protection status of identities?

Reports

Hunting

Incidents

Attack simulator

41 / 60

Which Azure Active Directory (Azure AD) feature can you use to restrict Microsoft Intune-managed devices from accessing corporate resources?

Resource locks

Conditional access policies

Network security groups (NSGs)

Azure AD Privileged Identity Management (PIM)

42 / 60

What can you use to provide threat detection for Azure SQL Managed Instance?

Azure Bastion

Microsoft Secure Score

Application security groups

Microsoft Defender for Cloud

43 / 60

Which feature provides the extended detection and response (XDR) capability of Azure Sentinel?

Support for threat hunting

Support for Azure Monitor Workbooks

Integration with Microsoft 365 Defender

Integration with the Microsoft 365 compliance center

44 / 60

What can you use to scan email attachments and forward the attachments to recipients only if the attachments are free from malware?

Microsoft Defender Antivirus

Microsoft Defender for Identity

Microsoft Defender for Endpoint

Microsoft Defender for Office 365

45 / 60

You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure. Which security methodology does this represent?

Threat modeling

Defense in depth

The shared responsibility model

Identity as the security perimeter

46 / 60

What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?

Advanced hunting

Network protection

Automated remediation

Automated investigation

47 / 60

Which type of identity is created when you register an application with Active Directory (Azure AD)?

A user account

A service principal

A user-assigned managed identity

A system-assigned managed identity

48 / 60

Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory standard, such as International Organization for Standardization (ISO)?

Microsoft Service Trust Portal

Azure Cost Management + Billing

The Azure Active Directory admin center

The Microsoft Endpoint Manager admin center

49 / 60

In a hybrid identity model, what can you use to sync identities between Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD)?

Azure AD Connect

Microsoft Sentinel

Azure AD Privileged Identity Management (PIM)

Active Directory Federation Services (AD FS)

50 / 60

What do you use to provide real-time integration between Azure Sentinel and another security source?

A connector

Azure AD Connect

A Log Analytics workspace

Azure Information Protection

51 / 60

You have an Azure subscription. You need to implement approval-based, time-bound role activation. What should you use?

Windows Hello for Business

Access reviews in Azure Active Directory (Azure AD)

Azure Active Directory (Azure AD) Identity Protection

Azure Active Directory (Azure AD) Privileged Identity Management (PIM)

52 / 60

Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your organization?

Customer Lockbox

Sensitivity label policies

Information barriers

Privileged Access Management (PAM)

53 / 60

Which Azure Active Directory (Azure AD) feature can you use to provide just-in-time (JIT) access to manage Azure resources?

Authentication method policies

Conditional access policies

Azure AD Identity Protection

Azure AD Privileged Identity Management (PIM)

54 / 60

Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group?

Access reviews

Managed identities

Azure AD Identity Protection

Conditional access policies

55 / 60

What is the purpose of Azure Active Directory (Azure AD) Password Protection?

To control how often users must change their passwords

To prevent users from using specific words in their passwords

To encrypt a password by using globally recognized encryption standards

To identify devices to which users can sign in without using multi-factor authentication (MFA)

56 / 60

What can you use to provide a user with a two-hour window to complete an administrative task in Azure?

Conditional access policies

Azure Multi-Factor Authentication (MFA)

Azure Active Directory (Azure AD) Identity Protection

Azure Active Directory (Azure AD) Privileged Identity Management (PIM)

57 / 60

What is an example of encryption at rest?

Sending an encrypted email

Encrypting a virtual machine disk

Encrypting communications by using a site-to-site VPN

Accessing a website by using an encrypted HTTPS connection

58 / 60

In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase?

Plan, Adopt

Adopt, Govern

Govern, Manage

Manage, Define Strategy

Define Strategy, Plan

59 / 60

In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?

The management of the physical hardware

The management of mobile devices

The creation and management of user accounts

The permissions for the user data stored in Azure

60 / 60

Which score measures an organization's progress in completing actions that help reduce risks associated to data protection and regulatory standards?

Productivity Score

Compliance score

Microsoft Secure Score

Secure score in Azure Security Center

Your score is

The average score is 66%

By Wordpress Quiz plugin

Free SC-900 Practice Exam – 2025 Updated

Study Smarter for the SC-900 Exam with Our Free and Reliable SC-900 Exam Questions – Updated for 2025.

Disclaimer

[email protected]

Helpful links

top Vendors

Contact Us

[email protected]

FLASH OFFER

avail $6 DISCOUNT on YOUR PURCHASE