SC-900 Practice Test [Microsoft Security, Compliance, & Identity]

SC-900 Practice Tests [MS Security, Compliance, & Identity Fundamentals] Exam

I am very pleased to announce that I have released my first Udemy course SC-900 Practice Test [Microsoft Security, Compliance, & Identity]

Why You Should Purchase My SC-900 Practice Test Course?

The main advantage of enrolling in my course is you get to learn from someone who has actually cleared the SC-900 certificate exam. You can view my certification here

In addition to that, the SC-900 practice test includes the following features:

a. 130+ well-researched questions.

b. Lucid explanations for both correct & incorrect answers.

c. Supporting visuals created by me to drive better understanding (Not taken from Microsoft documentation)

d. Explanations run parallel to the product. Every detailed explanation has corroborating evidence with the Microsoft product (like Azure or Microsoft 365 security center, etc.) shown in the form of screenshots and clear callouts.

e. Reference links not just for the correct answer but also the incorrect answers.

f. I love to help you succeed. If you need to discuss, we have an Active Q&A dashboard and expect very fast responses (save for my sleeping hours, which is generally less).

g. I have rephrased the reasoning in a simple and easy-to-understand language.

h. Don’t worry about inaccurate sentence framing/wrong grammar/incorrect punctuations. I use Grammarly to review every question.

i. Almost non-existent repetition of questions to increase the question count.

j. Of course, don’t take my word. Go to my website and review the FREE SC-900 sample questions before you purchase.

k. 30-day money-back guarantee. Feel free to check them out. You can always request a refund (although I am confident that you would love the product so much that you wouldn’t need to).

l. Lifetime access to all the future updates to the SC-900 certification exam.

m. Give the SC-900 practice test or go through the explanations with either mobile, tablet, or your laptop.

Who should take this Certification Exam and the SC-900 Practice Test?

a. SC-900 is a fundamentals exam in security. Both Micorosft 365 security and Azure security.

b. It helps you to learn fundamentals concepts in Microsoft security which will help you establish a strong foundation for other security exams in Microsoft 365/Azure like:

Microsoft Azure Security Technologies AZ-500

Microsoft 365 Security Administration MS-500

Microsoft Security Operations Analyst SC-200

Microsoft Identity And Access Administrator SC-300

Microsoft Information Protection Administrator SC-400

c. If you already a security expert / cleared one of the above Microsoft certifications, SC-900 is not required. Directly go to the relevant certifications based on your work profile.

The above are the most important points to note. Below are some of the points focussed on marketing (boring to read, though, so please feel free to skip):

a. Candidates who want to clear the SC-900 exam.

b. IT Professionals who want to gauge their Azure & Microsoft 365 Knowledge related to compliance, security & identity for their upcoming interviews

c. Anyone in IT who want to take their career, and salary, to a whole new level with an Azure certification

d. Candidates with non-technical backgrounds interested in learning about cloud security.

How Does the SC-900 Practice Test Questions are Designed?

The questions are collected from a variety of domains and sub-domains with extra care taken to equal attention to each exam area. Also, the questions are on different levels.

For example:

a. Remember-level questions test whether you have the ability to recall memorized facts, & basic concepts.

b. Understand-level questions validate whether you have the ability to explain the meanings of terms, & concepts.

c. Application-level questions test whether you have the ability to perform tasks using facts, concepts, & techniques, and,

d. Analysis-level questions validate whether you have the ability to diagnose situations & solve problems with concepts & techniques.

A mixture of questions at different levels reinforces your knowledge and prepares you to ace the exam.

Test Your Knowledge With Free Sample SC-900 Practice Test

A user wants to listen to music. So, he logs into the Spotify app with his Google account. See the below image for more details.

SC-900 Practice Test Federated authentication

Based on the above scenario, which of the following is NOT True?

a. Azure AD used by Spotify trusts Google identity provider.

b. Google identity provider trusts Azure AD used by Spotify.

c. There is a trust relationship between Azure AD used by Spotify and Google.

d. The user does not need a separate username and password to log into Spotify.

Explanation: The above scenario is an example of a federation that enables the access of services across organizational/domain boundaries by establishing trust relationships between the identity providers of Spotify & Google.

Here is a step-by-step process of how this works:

  1. Spotify uses Azure AD authentication
  2. The user authenticates with Google
  3. Spotify has a trust relationship with Google.
  4. So, Spotify trusts the user and allows access.

In the above example, a trust relationship is configured between Spotify and Google. Spotify trusts Google. But the opposite isn’t true. That is, Google doesn’t trust Spotify unless that trust relationship is configured.

So, option b is the correct answer

Reference Link: https://docs.microsoft.com/en-us/learn/modules/describe-identity-principles-concepts/5-describe-concept-federated-services

This question is part of my Udemy course SC-900 Exam Questions. It is copyrighted and cannot be reproduced elsewhere without permission.

You create an access package in entitlement management and a set of resources to help onboard new team members.

Which of the following types of resources can you define in an access package (Select more than one option)?

a. Azure AD enterprise apps

b. SharePoint Online sites

c. Azure resources

d. Microsoft 365 groups

e. Microsoft 365 licenses

f. Azure AD security groups

Explanation: You define access packages in Azure AD entitlement management to automate access request workflows, access assignments & access expiration. This is important because, often, users (either new employees or ones with recent role changes) do not know what access they need and whom to request access.

SC-900 Access packages in Entitlement management

As seen in the image above, the following are the types of resources defined in an access package:

  • Membership to Azure AD security groups, Microsoft 365 groups
  • Access to Azure AD apps, SaaS apps
  • Access to SharePoint Online sites

Although you cannot directly manage access to Microsoft 365 licenses or Azure resources, you can create an Azure AD security group in the access package and:

  • Give access to users who need Microsoft 365 licenses (via group-based licensing).
  • Create an Azure role assignment for that group

If it is difficult to understand, the below image will help.

SC-900 exam questions Access packages Entitmenent Management

So, options a,b,d,f are the correct answers.

Reference Link:

https://docs.microsoft.com/en-us/learn/modules/describe-identity-protection-governance-capabilities/3-describe-what-entitlement-management-access-reviews (check the video)

https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview#what-are-access-packages-and-what-resources-can-i-manage-with-them

This question and the detailed explanation are part of my Udemy course SC-900 Exam Questions. It is copyrighted and cannot be reproduced elsewhere without permission.

Microsoft Azure Sentinel is a scalable, cloud-native SIEM/SOAR solution. What do the acronyms stand for?

a. Security Incident Event Management (SIEM), Security Orchestration Autonomous Response (SOAR)

b. Security Information Event Management (SIEM), Security Orchestration Automated Response (SOAR)

c. Security Incident Event Management (SIEM), Security Orchestration Automated Response (SOAR)

d. Security Information Event Management (SIEM), Security Orchestration Autonomous Response (SOAR)

Explanation: SIEM (Security Information Event Management) is a centralized collection point for all the log entries generated by your infrastructure, resources, devices, firewall, and endpoints. It then correlates these logs to generate alerts and notifies the administrator.

SOAR (Security Orchestration Automated Response) takes these alerts and automates your threat response (with playbooks). So, SOAR decreases the incident response time.

Azure Sentinel SIEM SOAR solution

In a nutshell, SIEM raises an alert if it detects a malicious activity. SOAR deals with the alerts (including false positives) and prepares an automated response.

So, option b is the correct answer

Reference Link: https://docs.microsoft.com/en-us/azure/sentinel/overview

This question is part of my Udemy course SC-900 Exam Questions. It is copyrighted and cannot be reproduced elsewhere without permission.

When you log in to the Microsoft 365 compliance center as a compliance data administrator, which of the following compliance solution areas would you see in the Solutions catalog (Select more than one option)?

SC-900 Practice Test Microsoft 365 Compliance center Solution Catalog

a. Communication compliance

b. Information protection & governance

c. Insider risk management

d. Data loss prevention

e. Discovery & response

f. Advanced eDiscovery

Explanation: Microsoft 365 solutions catalog helps you discover compliance & risk management solutions available to your organization.

The solutions catalog is organized into three compliance solution areas. Each solution area contains information on several compliance solutions.

See the below infographic for more details.

SC-900 Practice Test Microsoft 365 Solutions Catalog Classification

As evident, Insider risk management, Information protection & governance, and Discovery & response are the only three compliance solution areas.

Data loss prevention is a compliance solution within the Information protection & governance solution area.

Advanced eDiscovery is a compliance solution within the Discovery & response solution area.

And Communication compliance is a compliance solution within the Insider risk management solution area.

Data loss prevention Solution catalog Microsoft compliance center

ediscovery microsoft compliance center

Finally, the role compliance data manager doesn’t make any difference. All three roles (Global administrator, Compliance administrator, Compliance data administrator) get the same user experience when they access Microsoft Compliance Center.

Reference Link: https://docs.microsoft.com/en-us/microsoft-365/compliance/microsoft-365-solution-catalog?view=o365-worldwide

https://docs.microsoft.com/en-us/learn/modules/describe-compliance-management-capabilities-microsoft/3-describe-compliance-center

This question is part of my Udemy course SC-900 Exam Questions. It is copyrighted and cannot be reproduced elsewhere without permission.

Your teammate creates a retention label for applying to documents in OneDrive. He needs to ensure that no one can remove the label. He is presented with the following retention settings screen while creating the label.

SC-900 Practice Test Records management - set as record

Per the requirement, is he good to create the label?

a. Yes

b. No

Explanation: This question has several layers, so let’s uncover them

First, only the retention labels that mark content as a regulatory record cannot be removed by anyone, even the global administrator.

Reference Link: https://docs.microsoft.com/en-us/microsoft-365/compliance/records-management?view=o365-worldwide#compare-restrictions-for-what-actions-are-allowed-or-blocked

But, as evident from the image, your teammate can only create a retention label that marks items as records, not regulatory records.

Mark items as record

That’s because this is the default interface when trying to create retention labels under Records management (See the below image).

SC-900 Practice Test records management default

You don’t see the option to mark items as regulatory records because applying regulatory records to content is far more restrictive than applying records (Refer to the table in the above link).

Since Microsoft wants you to be sure about marking content as regulatory records before you do so, they require you to perform an extra step to display that option in the UI:

· Connect to the Office 365 Security & Compliance Center PowerShell

· Run a PowerShell command (details on them below)

After you perform these steps, you can see the option to mark items as a regulatory record

SC-900 Practice Test Records management - set as regulatory record

Per the requirement in the question, he cannot create a label that no one can delete. The correct answer is No.

Reference Link: https://docs.microsoft.com/en-us/learn/modules/describe-information-protection-governance-capabilities-microsoft-365/7-describe-records-management

If you are curious about connecting to PowerShell and executing the command to display the option, continue reading. Not required from an exam point of view.

First, install the PowerShell module Exchange Online Management by running this command:

Install-Module -Name ExchangeOnlineManagement

Reference Link: https://powershellgallery.com/packages/Exchange-OnlineManagement/2.0.4

And run the following PowerShell commands on your system:

Import the module

Import-Module ExchangeOnlineManagement

Specify username and password to connect to Microsoft 365 compliance in the window prompt

$UserCredential = Get-Credential

Connect to your Compliance center

Connect-IPPSSession -Credential $UserCredential

Command that enables the display mark content as regulatory records

Set-RegulatoryComplianceUI -Enabled $true

Reference Link:

https://docs.microsoft.com/en-us/powershell/exchange/connect-to-scc-powershell?view=exchange-ps#connect-to-security–compliance-center-powershell-using-modern-authentication (For connecting to Compliance center with PowerShell)

https://docs.microsoft.com/en-us/microsoft-365/compliance/declare-records?view=o365-worldwide#how-to-display-the-option-to-mark-content-as-a-regulatory-record (PowerShell command to display the option to mark content as a regulatory record)

This question is part of my Udemy course SC-900 Exam Questions. It is copyrighted and cannot be reproduced elsewhere without permission.

Where can you enable Azure Defender in the Azure portal?

SC-900 Azure Defender

a. Advisor

b. Azure AD Security

c. Security Center

d. Azure Sentinel

Explanation: Microsoft offers a layered approach to security.

  • A base layer – Only Azure Security Center (free, basic level of protection)
  • An advanced layer – Azure Security Center with Azure Defender (paid, advanced protection with features like Just in time access, Adaptive application controls, vulnerability assessment, etc.)

Reference Link: https://techcommunity.microsoft.com/itops-talk-blog/whats-the-difference-between-azure-security-center-azure

You access Azure Defender from Azure Security Center. You get the below screen only after upgrading.

SC-900 Exam Azure Defender

Security Center is the correct choice.

This question is part of my Udemy course SC-900 Exam Questions. It is copyrighted and cannot be reproduced elsewhere without permission.

This question requires you to select the correct answer from the dropdown.

In SaaS, who is responsible for applying hotfixes per the shared responsibility model.

i. Microsoft doesn’t recommend Conditional Access policies for administrator roles.
True False

ii. Conditional Access policies can trigger MFA if the user attempts to access the Azure portal.
True False

Ready to Try Out My SC-900 Course?

To get the SC-900 practice test (full course) on Udemy (with discounted coupon), click here

Also, check out the SC-900 study guide on my blog.

Follow/Like ravikirans.com to Receive Updates

Want to be notified as soon as I post? Subscribe to RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.

Share the Article in Your Social Media Networks

  •  
  •  
  •  
  •  
  •  
  •  

You may also like

Leave a Reply

Your email address will not be published. Required fields are marked *