Exam: SC-900: Microsoft Certified: Security, Compliance, and Identity Fundamentals

Review questions, reveal answers, and move through the exam one card at a time.

Total Questions: 209

Questions per page

Page 1 of 1

In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?
A.the management of mobile devices
B.the permissions for the user data stored in Azure
C.the creation and management of user account
D.the management of the physical hardware

Answer: D
✅ Explanation
Microsoft’s responsibilities:
Physical datacenter security
Physical servers and networking equipment
Power, cooling, and building infrastructure
Customer responsibilities:
Data classification and accountability
User identity and access management (permissions for user data)

HOTSPOT -

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

Answer:

Which two tasks can you implement by using data loss prevention (DLP) policies in Microsoft 365? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A.Display policy tips to users who are about to violate your organization's policies.
B.Enable disk encryption on endpoints.
C.Protect documents in Microsoft OneDrive that contain sensitive information.
D.Apply security baselines to devices.

Answer: AC
✅ Explanation

✅ A. Display policy tips to users who are about to violate your organization's policies.
✔ Correct.
DLP can warn users in real time by showing policy tips in Outlook, Word, Excel, PowerPoint, SharePoint Online, and OneDrive for Business when their actions might violate a policy.
✅ C. Protect documents in Microsoft OneDrive that contain sensitive information.
✔ Correct.
DLP policies can detect sensitive info (like credit card numbers, health records, etc.) stored in OneDrive and automatically take actions such as blocking access or alerting admins.

HOTSPOT -

Select the answer that correctly completes the sentence.

Hot Area:

Answer:

HOTSPOT -

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

Answer:

Which Microsoft 365 compliance feature can you use to encrypt content automatically based on specific conditions?
A.Content Search
B.sensitivity labels
C.retention policies
D.eDiscovery

Answer: B
✅ Explanation
The Microsoft 365 compliance feature that can automatically encrypt content based on specific conditions (like detecting sensitive information types) is:
✅ B. sensitivity labels
Sensitivity labels can be configured to automatically apply encryption (such as Azure Information Protection) when content matches certain conditions (e.g., credit card numbers, classified data).

HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

HOTSPOT -

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

Answer:

HOTSPOT -

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

Answer:

Which two cards are available in the Microsoft 365 Defender portal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A.Devices at risk
B.Compliance Score
C.Service Health
D.User Management
E.Users at risk

Answer: AE
✅ Explanation
-The cards you see in the Microsoft 365 Defender portal include things like:
-Devices at risk (for endpoints)
-Users at risk (for identities)

✅ A. Devices at risk
✔ Correct. This card shows endpoint devices with active alerts or vulnerabilities.

✅ E. Users at risk
✔ Correct. This card displays users with compromised accounts or suspicious activity.

Back Next Question