HOTSPOT Select the answer that correctly completes the sentence. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/SC-900/page_40_img_1.jpg

Nah, I don't think it's authentication-authorization makes more sense since the user is already signed in.

Nice and clear, I'd go with authentication here.

Question 10 - Microsoft Security SC-900 Real Exam Questions [Jan 2026 Update]

Q: 10

HOTSPOT Select the answer that correctly completes the sentence.

Your Answer

Correct Answer:

AUTHORIZATION

Explanation

Authorization is the security process that determines a user's level of access or the permissions they have to specific system resources. This process occurs after a user's identity has been successfully verified through authentication. The question specifies a "signed-in user," indicating authentication has already been completed. Therefore, the subsequent step of checking whether that user can access a particular resource is authorization.

Authentication answers the question, "Who are you?".
Authorization answers the question, "What are you allowed to do?".
Federation and Single sign-on (SSO) are mechanisms related to authentication across different systems, not the process of granting access to a specific resource within a system.

References

Microsoft Official Documentation: "Authorization is the process of giving a user permission to access a resource. For example, after a user authenticates to a web application, the application would authorize the user to access a specific set of pages or perform certain actions like creating, reading, editing, or deleting data."

Source: Microsoft identity platform documentation, "Authentication vs. authorization". Retrieved from https://learn.microsoft.com/en-us/entra/identity-platform/authentication-vs-authorization, Section: "Authorization".

NIST Glossary: "Authorization: The process of verifying that a requested action or service is approved for a specific entity."

Source: National Institute of Standards and Technology (NIST) Computer Security Resource Center, Glossary. Retrieved from https://csrc.nist.gov/glossary/term/authorization.

IEEE Xplore Digital Library: "Authentication is a mechanism by which a system verifies the identity of a user. Once a user is authenticated, the system uses an authorization mechanism to decide whether the user will be granted access to a resource."

Source: Al-Sinani, M., & Al-Washahi, M. (2020). A Review of Authentication and Authorization Techniques in Online Social Networks. 2020 3rd International Conference on Computer Applications & Information Security (ICCAIS). IEEE. https://doi.org/10.1109/ICCAIS48893.2020.9096839, Section III-A.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE