Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

SC-900 Describe the concepts of security, compliance, and identity • Complete Question Bank

SC-900 Describe the concepts of security, compliance, and identity — All Questions With Answers

Complete SC-900 Describe the concepts of security, compliance, and identity question bank — all 0 questions with answers and detailed explanations.

235 Questions • Free • No signup
Question 1 • easy • multiple choice

A security analyst is explaining the core principles of information security to a new team member. Which principle ensures that data is not modified by unauthorized parties?

Question 2 • medium • multiple choice

A company is moving its on-premises database to Azure SQL Database. According to the shared responsibility model, which security tasks remain the responsibility of the customer?

Question 3 • easy • multiple choice

A security architect is adopting a new security model that assumes breach and verifies every access request. The model eliminates implicit trust and requires continuous validation. Which security model is being implemented?

Question 4 • medium • multiple choice

A company is migrating its on-premises workloads to Azure. The CISO wants to understand the division of security responsibilities between Microsoft and the customer across cloud service models. For which cloud service model does the customer have the most security responsibility?

Question 5 • hard • multi select

A security architect is designing a new security posture based on the Zero Trust model. The architect wants to ensure that every access request is fully authenticated, authorized, and encrypted before granting access, and that access is granted only to the minimum necessary resources. Which three principles of Zero Trust align with these requirements? (Choose three.)

Question 6 • easy • multiple choice

A company's security policy requires that customer data must only be accessible by authorized sales representatives. Which security principle does this requirement directly enforce?

Question 7 • hard • multiple choice

A company uses Microsoft Entra ID and has multiple departments with separate organizational units (OUs) in its on-premises Active Directory. The help desk team needs to be able to reset passwords for users only in the Finance department. What feature should be used to delegate this administrative scope?

Question 8 • easy • multiple choice

A security administrator is explaining the concept of defense in depth to a new team member. Which statement best describes this approach?

Question 9 • medium • multi select

A user logs into a company's financial application using their Microsoft Entra ID credentials. After successful sign-in, the application displays a dashboard with data for only the regions the user is authorized to manage. Which two security concepts are demonstrated in this scenario? (Select all that apply.)

Question 10 • hard • multiple choice

A security manager wants to ensure that an employee who sends an email cannot later deny having sent it. Which security concept and associated technology is best suited to achieve this?

Question 11 • easy • multiple choice

A company assigns permissions to users based strictly on their job title (e.g., Sales Manager can edit documents, Sales User can only read). Which identity and access management concept is being implemented?

Question 12 • easy • multiple choice

A company implements a security measure to ensure that only authorized employees can view sensitive customer records. Which principle of the CIA triad does this measure primarily protect?

Question 13 • easy • multiple choice

A company implements regular data backups and a disaster recovery plan to restore critical systems after an outage. Which security principle is primarily being addressed by these measures?

Question 14 • easy • multiple choice

A security administrator configures user accounts so that employees have only the permissions necessary to perform their job functions and no more. Which security concept is being applied?

Question 15 • easy • multiple choice

A company uses cryptographic hashes to verify that a downloaded software file has not been modified by an attacker during transmission. Which principle of the CIA triad is primarily being addressed?

Question 16 • easy • multiple choice

A healthcare organization stores patient records in an encrypted database. Access to the database is restricted to authorized medical staff only. Which security principle is primarily being addressed by these measures?

Question 17 • easy • multiple choice

A financial institution uses digital signatures to ensure that a transaction record has not been altered after it was processed. Which security principle is primarily addressed?

Question 18 • medium • multiple choice

A company requires all employees to provide a one-time passcode generated by an authenticator app in addition to their password when accessing the corporate VPN. This practice is an example of which security concept?

Question 19 • easy • multiple choice

A security architect is designing a system where user access rights are reviewed and certified on a regular basis by data owners. The goal is to ensure that users continue to have only the permissions necessary to perform their job functions and that no excessive permissions exist. Which security principle is primarily being implemented through these regular reviews?

Question 20 • easy • multiple choice

A company configures its access control system so that each user can only access the data and perform actions that are strictly necessary for their job role. This configuration is a direct implementation of which security principle?

Question 21 • hard • multiple choice

A company hosts a line-of-business application on an Azure virtual machine. The IT team is responsible for configuring the operating system, installing security updates, and managing the application code. An auditor asks who is responsible for the physical security of the data center where the virtual machine runs. According to the shared responsibility model for cloud services, who is responsible?

Question 22 • easy • multiple choice

A company regularly performs automated backups of its critical databases and has a disaster recovery plan to restore operations quickly after a system failure. Which security principle is primarily being addressed by these measures?

Question 23 • easy • multiple choice

A security architect is designing a defense strategy for the organization's network. The architect assumes that an attacker may already have breached the perimeter and is operating inside the network. Therefore, the design does not automatically trust any user or device, even if they are inside the corporate network, and requires continuous verification for every access request. Which security principle does this approach best represent?

Question 24 • easy • multiple choice

A company implements a security strategy that includes multiple layers of controls: a perimeter firewall, an intrusion detection system, endpoint antivirus software, and multi-factor authentication for user access. The goal is that if one layer fails, another layer is in place to prevent or mitigate an attack. Which security principle does this approach best represent?

Question 25 • easy • multiple choice

A security manager explains that the company's security strategy relies on multiple layers of controls, such as firewalls, antivirus software, and multi-factor authentication, so that if one layer fails, another can still prevent an attack. Which security principle does this strategy best represent?

Question 26 • hard • multiple choice

A company is deploying a web application on Azure App Service. The security officer states that according to the shared responsibility model, the customer is responsible for managing access to the application and securing the application code. Which of the following responsibilities does Microsoft retain for Azure App Service?

Question 27 • easy • multiple choice

A security architect is designing a defense strategy for a company's IT infrastructure. The strategy includes deploying a network firewall, using an intrusion detection system, installing antivirus software on all endpoints, and requiring multi-factor authentication for all user accounts. The architect explains that if the firewall fails, the IDS can detect an intrusion, and if the IDS misses something, the antivirus might catch it, and MFA can protect even if credentials are compromised. Which security principle best describes this layered approach?

Question 28 • medium • multiple choice

A company uses digital signatures to ensure that a sender cannot later deny having sent a message. Which security principle does this primarily address?

Question 29 • easy • multiple choice

An attacker gains access to a company's email system and reads confidential customer emails. Which security principle has been compromised?

Question 30 • easy • multiple choice

A company subscribes to Microsoft 365 E5, a Software-as-a-Service (SaaS) offering. The IT department is responsible for configuring user accounts and managing data in Exchange Online and SharePoint Online. According to the shared responsibility model, which security responsibility is retained by Microsoft for this SaaS deployment?

Question 31 • easy • multiple choice

A company operates an e-commerce website that must remain accessible during high-traffic holiday seasons. The IT team deploys additional web servers and implements automatic failover to a secondary data center if the primary site goes down. Which security principle is the company primarily addressing?

Question 32 • easy • multiple choice

A company has a document management system. The security policy requires that a user in the Sales department can only view documents related to sales and cannot access documents in the Finance or HR folders. Which security principle is being applied?

Question 33 • medium • multiple choice

A company has implemented a security model where every access request is fully authenticated, authorized, and encrypted before granting access, regardless of where the request originates (corporate network or internet). The model assumes that no entity is inherently trustworthy and requires continuous verification. This model is known as:

Question 34 • easy • multiple choice

A company implements a sign-in process where a user must provide their password and then enter a temporary code sent to their mobile phone. Which security principle is this process primarily enforcing?

Question 35 • easy • multiple choice

A user logs into the company's network using their username and password. After successful login, the user attempts to open a financial report but receives an access denied message because they are not a member of the 'Finance' security group. Which security concept is best illustrated by the access denial?

Question 36 • easy • multiple choice

A company deploys a web application on Azure virtual machines (VMs) in an Infrastructure-as-a-Service (IaaS) model. The company is responsible for managing the guest operating system, the application code, and the data stored on the VMs. According to the shared responsibility model, which of the following security responsibilities does Microsoft retain in this scenario?

Question 37 • easy • multiple choice

A hotel uses a key card system. Guests insert their card into the door lock, which reads the card's ID number. The system checks the ID number against a list of authorized rooms. If the ID matches an authorized room, the door unlocks. In this scenario, which concept is demonstrated when the system checks the ID number against the list of authorized rooms?

Question 38 • easy • multiple choice

A user logs into a company's application using their username and password. After logging in, the application checks whether the user belongs to the 'Admin' role before granting access to the user management page. Which security concept is primarily illustrated by the role check?

Question 39 • easy • multiple choice

A company deploys firewalls, intrusion detection systems, and endpoint antivirus software at multiple layers of its network. This strategy is intended to ensure that if one security control fails, others still provide protection. Which security concept does this approach represent?

Question 40 • easy • multi select

An organization stores sensitive customer data in a cloud database. The security team uses encryption to protect the data while it is stored and while it is transmitted. They also implement role-based access control to ensure only authorized users can modify the data. Which two security principles are primarily being upheld by these actions?

Question 41 • easy • multiple choice

A company secures its network by deploying a firewall at the perimeter, an intrusion prevention system on internal segments, endpoint antivirus on all workstations, and encrypting sensitive data at rest and in transit. This layered approach ensures that if one control fails, others still provide protection. Which security concept does this strategy best represent?

Question 42 • easy • multi select

A company requires users to enter a password and then a temporary code from a mobile app to sign in. After signing in, a user attempts to open a confidential document but is denied because they are not a member of the 'Managers' group. Which two security concepts are primarily demonstrated in this scenario?

Question 43 • easy • multiple choice

A user receives an encrypted email from their bank. They use their private key to decrypt the message. After reading it, they verify that the message content has not been altered during transit. Which security principle is primarily demonstrated by the verification that the content was not altered?

Question 44 • easy • multiple choice

A company implements multiple layers of security controls: firewalls at the perimeter, intrusion detection systems on internal segments, antivirus software on all workstations, and encryption for sensitive data at rest and in transit. This strategy is intended to ensure that if one control fails, others still provide protection. Which security concept does this approach represent?

Question 45 • easy • multiple choice

A company subscribes to a SaaS human resources application hosted by an external provider. The provider is responsible for maintaining the physical data centers, network infrastructure, and the underlying application software. The company is responsible for managing user accounts, configuring user permissions, and classifying the data they upload. Which security model does this arrangement primarily describe?

Question 46 • easy • multiple choice

A user authenticates to a company's network by entering their password and then approving a push notification on their mobile phone. After authentication, the user attempts to access a shared folder containing financial reports. The access is denied because the user's account is not a member of the 'Finance' group. Which security concept is demonstrated when the user is denied access to the folder?

Question 47 • easy • multiple choice

A user downloads a software update from a company's internal website. The update file is hashed, and the hash value is published on a separate secure page. After downloading, the user computes the hash of the downloaded file and compares it to the published hash. The two values match. Which security concept is primarily demonstrated by this comparison?

Question 48 • easy • multiple choice

A company implements a security model where no user or device is automatically trusted, even if they are inside the corporate network. Every access request must be authenticated, authorized, and encrypted before granting access, regardless of the request origin. This model is known as:

Question 49 • easy • multiple choice

A security administrator is configuring permissions for a new cloud-based expense reporting application. The administrator assigns each employee only the permissions they need to perform their job functions. For example, employees in the Sales department can view expense reports but cannot approve or modify financial data. Which security principle is the administrator implementing?

Question 50 • easy • multiple choice

A healthcare organization stores sensitive patient records in a cloud database. The database is encrypted at rest using AES-256. If an attacker gains access to the physical storage media, they cannot read the data. Which security concept does this encryption primarily provide?

Question 51 • easy • multiple choice

A company hosts a mission-critical customer portal on Azure virtual machines. To ensure continuous availability, they deploy the application across two separate Azure regions. If one region experiences a failure, traffic is automatically routed to the other region with minimal disruption. Which security goal is primarily being addressed by this architecture?

Question 52 • easy • multiple choice

A company issues laptops to all employees with BitLocker full-disk encryption enabled. If a laptop is stolen, the data on the hard drive cannot be read without the recovery key. Which security principle does this measure primarily protect?

Question 53 • medium • multiple choice

A company uses digital signatures on all official emails sent to customers. The signature is created using the sender’s private key, allowing recipients to verify that the email truly came from the claimed sender and that it was not altered in transit. Which security goal is primarily achieved by the digital signature?

Question 54 • easy • multiple choice

A company uses a financial accounting system where the employee who creates a purchase order cannot also approve it. This policy is designed to prevent a single individual from committing fraud by both initiating and approving a transaction. Which security principle does this practice primarily implement?

Question 55 • easy • multiple choice

A hospital encrypts patient data stored in a database using AES-256 encryption. If an attacker manages to copy the database file, they cannot read the protected information. Which security goal is primarily achieved by this encryption measure?

Question 56 • easy • multiple choice

A company is migrating its on-premises applications to Azure. The CIO states that the company is fully responsible for managing the security of its own applications and data, while Microsoft is responsible for the security of the underlying physical infrastructure, such as hardware and data centers. This division of security responsibilities is an example of which concept?

Question 57 • easy • multiple choice

A company implements multiple layers of security controls including a firewall, an intrusion detection system (IDS), antivirus software on endpoints, and regular security awareness training for employees. This approach is an example of which security concept?

Question 58 • easy • multiple choice

A security analyst downloads a software installer from a vendor's website. To ensure the file has not been tampered with during transmission, the analyst compares the SHA-256 hash of the downloaded file against the hash published on the vendor's official site. This practice primarily validates which security goal?

Question 59 • easy • multiple choice

A company is moving its on-premises infrastructure to Azure. The CISO wants to understand the division of security responsibilities between the cloud provider and the customer. Which of the following models defines this division?

Question 60 • medium • multiple choice

An organization is redesigning its security architecture based on the Zero Trust model. Which principle requires that every access request must be fully authenticated, authorized, and encrypted before granting access, regardless of the network location?

Question 61 • medium • multiple choice

A security architect is explaining identity management concepts to the IT team. Which statement correctly describes the difference between authentication and authorization?

Question 62 • easy • multiple choice

A security analyst is explaining the concept of 'defense in depth' to a new team member. Which of the following best describes the defense in depth strategy?

Question 63 • easy • multiple choice

An organization adopts a Zero Trust security model. Which principle requires that every access request must be explicitly verified and granted least privilege regardless of the user's location or device?

Question 64 • easy • multiple choice

A company uses Azure SQL Database, which is a Platform as a Service (PaaS) offering. The security team is reviewing the shared responsibility model and wants to know who is responsible for applying operating system patches to the underlying infrastructure that hosts the database. Who is responsible for this task?

Question 65 • hard • multiple choice

A company stores application secrets and encryption keys in Azure Key Vault. They want to move from the older vault access policy model to a more scalable and granular permission model that integrates with Azure's role-based access control (RBAC). They also need to audit permissions using Azure Policy. Which access configuration should they choose for Azure Key Vault?

Question 66 • easy • multiple choice

An organization is moving a virtual machine to Azure Infrastructure as a Service (IaaS). According to the shared responsibility model, which of the following security tasks is the customer responsible for?

Question 67 • easy • multiple choice

A security administrator is explaining authentication and authorization to new IT staff. Which statement correctly describes the difference between these two processes?

Question 68 • medium • multiple choice

A multinational company stores customer data across multiple Azure regions. A new regulation requires that customer data must remain within the country's borders and cannot be transferred abroad. Which concept does this regulation primarily relate to?

Question 69 • hard • multiple choice

A company deploys a custom application on Azure App Service (PaaS). Which of the following security responsibilities falls completely under the customer's scope according to the shared responsibility model?

Question 70 • medium • multiple choice

A company uses a cloud-based SaaS (Software as a Service) application for customer relationship management. According to the shared responsibility model, which security responsibility is primarily handled by the customer?

Question 71 • easy • multiple choice

A security analyst is explaining the concept of 'Least Privilege' to a new team member. Which statement best describes the principle of least privilege?

Question 72 • medium • multiple choice

A security architect is designing a Zero Trust strategy. Which principle ensures that network location alone does not grant trust, and all access requests must be verified?

Question 73 • easy • multiple choice

According to the Zero Trust security model, which principle assumes that a breach has already occurred and therefore requires segmenting access and monitoring for lateral movement?

Question 74 • easy • multiple choice

A security administrator is explaining the shared responsibility model to a new team member. The company uses a Software-as-a-Service (SaaS) application such as Microsoft 365. For which of the following items is the customer primarily responsible under this model?

Question 75 • hard • multiple choice

A security architect is designing a Zero Trust security model for a hybrid organization. Which principle of Zero Trust requires that every access request must be fully authenticated and authorized regardless of the network location, and that access should be granted with the minimum level required?

Question 76 • easy • multiple choice

A company uses a cloud-based Customer Relationship Management (CRM) system that is delivered as Software-as-a-Service (SaaS). According to the shared responsibility model, which security responsibility is primarily handled by the customer?

Question 77 • easy • multiple choice

An organization is implementing a Zero Trust security model. Which principle requires that every access request must be fully authenticated, authorized, and verified based on all available signals, regardless of the user's network location?

Question 78 • medium • multiple choice

A company is migrating its on-premises applications to Azure Infrastructure-as-a-Service (IaaS). According to the shared responsibility model, which of the following security responsibilities shifts from the customer to Microsoft during this migration?

Question 79 (easy, multiple choice)

A company is migrating its on-premises virtual machines to Azure Infrastructure-as-a-Service (IaaS). Which security responsibility primarily shifts from the customer to Microsoft during this migration?

Question 80 (medium, multiple choice)

A security architect explains the Zero Trust model to the board. They state that every access request must be fully authenticated and authorized based on identity, device health, location, and risk, regardless of whether the user is on the corporate network. Which Zero Trust principle does this statement represent?

Question 81 (hard, multiple choice)

A security architect is implementing a Zero Trust security model. The architect insists that the network perimeter should not be trusted and that security controls must be applied to all traffic, even within the corporate network. They also emphasize the need for continuous monitoring and detection of threats as if a breach has already occurred. Which Zero Trust principle is the architect primarily applying?

Question 82 (easy, multiple choice)

A security administrator is explaining the Zero Trust model to a new colleague. The administrator states that trust should never be granted based solely on network location, and every access request must be fully authenticated and authorized using all available signals. Which Zero Trust principle does this statement describe?

Question 83 (easy, multiple choice)

A security architect is explaining the evolution of the security perimeter. They state that because users access corporate resources from anywhere on any device, the traditional network perimeter is no longer sufficient. What does the architect identify as the new primary security perimeter?

Question 84 (medium, multiple choice)

A security architect is explaining the Zero Trust model to the board. The architect emphasizes that the network perimeter can no longer be considered a safe zone. Which statement best describes the modern primary security perimeter according to Zero Trust principles?

Question 85 (easy, multiple choice)

A company subscribes to a cloud-based email service that is delivered as Software-as-a-Service (SaaS). According to the shared responsibility model, who is primarily responsible for the physical security of the data centers where the email data is stored?

Question 86 (easy, multiple choice)

A hospital stores patient medical records electronically. An attacker gains access to the system and modifies patient diagnoses. Which principle of the CIA triad has been violated?

Question 87 (hard, multiple choice)

A user logs into a corporate laptop by inserting a smart card and entering a PIN. The user then attempts to open a confidential folder. The operating system checks the user's access rights and denies access. Which security concepts are demonstrated in this scenario?

Question 88 (easy, multiple choice)

A company is implementing a new security policy that requires every user to have only the minimum permissions necessary to perform their job duties. Which security principle does this policy align with?

Question 89 (easy, multiple choice)

A company's IT department deploys a multi-layered security strategy that includes a perimeter firewall, network segmentation, endpoint antivirus software, data encryption, and employee security awareness training. Which security model does this approach represent?

Question 90 (medium, multiple choice)

A security architect is implementing a Zero Trust strategy. They state that all access requests must be verified continuously, regardless of where the request originates (corporate network or remote). They also emphasize that access is granted based on a policy that evaluates user identity, device health, location, and risk in real-time. Which Zero Trust guiding principle does this scenario primarily illustrate?

Question 91 (easy, multiple choice)

A company deploys full disk encryption on all employee laptops to protect data in case a device is lost or stolen. Which security goal does this measure primarily address?

Question 92 (hard, multiple choice)

A company uses Microsoft 365 E5. An employee's corporate laptop is infected with keylogging malware that captures the employee's credentials. The attacker uses these credentials to sign in to Exchange Online and forward sensitive emails to an external account. Under the shared responsibility model, who is primarily responsible for the security incident?

Question 93 (easy, multiple choice)

A company's security policy requires that all data transferred between the corporate data center and the cloud must be protected from unauthorized access during transmission. They use encryption protocols such as TLS to achieve this. Which security goal is primarily being addressed?

Question 94 (easy, multiple choice)

A company is implementing security controls to protect data during transmission between their on-premises database and a cloud storage service. They decide to use TLS encryption. Which security goal is primarily addressed by ensuring that data is not altered during transit?

Question 95 (medium, multi select)

An organization is migrating its on-premises applications to Azure Infrastructure-as-a-Service (IaaS). According to the shared responsibility model, which of the following security responsibilities remain with Microsoft? (Select two.)

Question 96 (easy, multi select)

A user scans their fingerprint to unlock a corporate laptop. After unlocking, the user attempts to open a confidential database. The system checks the user's role and grants access because the user is a member of the 'Data Analyst' group. Which two security concepts are demonstrated in this scenario?

Question 97 (medium, multiple choice)

A company's IT department implements a policy for server administrators: they must submit an access request to perform privileged tasks on critical servers. Each request is approved by a manager, and the granted elevated permissions automatically expire after four hours. This approach reduces the risk of standing privileges being exploited. Which security concept is primarily being applied?

Question 98 (hard, multiple choice)

A company deploys a custom web application on Azure App Service (PaaS). The application stores user data in Azure SQL Database. The security team is responsible for securing the application code, managing authentication, and configuring TLS for data in transit. According to the Microsoft shared responsibility model, which security responsibility remains with Microsoft for this PaaS deployment?

Question 99 (easy, multiple choice)

A company stores sensitive customer data in an Azure SQL database. To protect this data, the database files are encrypted at rest using Transparent Data Encryption (TDE). Additionally, all network traffic between the application and the database is encrypted using TLS. Which security goal is primarily addressed by these encryption measures?

Question 100 (easy, multiple choice)

A company implements multiple layers of security controls, including firewalls, antivirus software, access controls, and security awareness training. Which security concept does this approach best represent?

Question 101 (medium, multiple choice)

A user authenticates with a smart card and is then granted access to a specific database based on their job role in the finance department. Which security concept describes the process of determining what the authenticated user is allowed to do?

Question 102 (easy, multiple choice)

A company uses a cloud-based email service. The service provider ensures that the physical data centers are secure and that the email platform is patched and available. The company is responsible for managing user accounts and ensuring that employees use strong passwords. This division of responsibilities is an example of which concept?

Question 103 (easy, multiple choice)

A healthcare company stores patient records in an Azure SQL database. To protect the data, they enable Transparent Data Encryption (TDE) for the database and require all client connections to use TLS. Which security goal is being primarily addressed by these measures?

Question 104 (hard, multiple choice)

A company deploys a custom web application on Azure App Service (PaaS). The application stores data in Azure SQL Database. The security team needs to identify which security responsibilities fall under the customer according to the Microsoft shared responsibility model. Which of the following is primarily the customer's responsibility for this PaaS deployment?

Question 105 (easy, multi select)

A company implements a security policy where employees must use a smart card to log into their workstations. After logging in, they can only access file shares that correspond to their department. Which two security concepts are demonstrated in this scenario?

Question 106 (easy, multiple choice)

An organization adopts a security model where they never trust a request by default, even if it comes from inside the corporate network. Every access request must be authenticated, authorized, and encrypted. They also assume that a breach will happen and design their systems to minimize the blast radius. Which security model does this describe?

Question 107 (medium, multiple choice)

A financial company processes stock trades. To ensure that a trader cannot later deny having submitted a specific trade order, the system captures a digital signature from the trader for each order. Which security goal is being addressed by this practice?

Question 108 (medium, multiple choice)

A company deploys a virtual machine on Azure IaaS. According to the Microsoft shared responsibility model, which of the following security responsibilities is primarily the customer's responsibility?

Question 109 (easy, multiple choice)

A healthcare organization uses digital signatures on electronic medical records to ensure that the records have not been tampered with during transmission. Which security goal is primarily being addressed by this practice?

Question 110 (easy, multiple choice)

A company configures its identity and access management system so that employees are granted only the permissions necessary to perform their job functions. For example, a sales representative has read-only access to the customer database and cannot modify financial records. Which security principle is being applied in this scenario?

Question 111 (medium, multiple choice)

A company's security team has adopted a strategy that assumes a breach has already occurred. They implement network segmentation, apply strict least privilege access, continuously verify all access requests, and never trust users or devices solely because they are inside the network perimeter. This approach best describes which security model?

Question 112 (easy, multiple choice)

A company wants to ensure that data is not altered during transmission between a client and a server. They use TLS encryption. Which security goal does this primarily address?

Question 113 (easy, multiple choice)

An organization implements a policy where users must provide two forms of verification, such as a password and a text message code, to access the corporate network. Which security concept does this demonstrate?

Question 114 (easy, multiple choice)

A company implements a policy where each employee is granted only the permissions necessary to perform their specific job role. For example, a marketing specialist has read-only access to the customer database and cannot modify financial records. Which security principle is primarily being applied?

Question 115 (hard, multiple choice)

A company uses an on-premises Active Directory (AD) and wants to enable single sign-on (SSO) for users to access Microsoft 365 and a third-party SaaS application. They plan to use an external identity provider (IdP) that supports Security Assertion Markup Language (SAML) 2.0. Which identity concept does this implementation primarily rely on?

Question 116 (medium, multiple choice)

A financial organization implements a security control that logs every access attempt to sensitive financial records, including who accessed the data, when it was accessed, and from which device. The logs are regularly reviewed by the security team. This control primarily addresses which security concept?

Question 117 (easy, multiple choice)

A company's security team configures network firewall rules so that only a dedicated jump server's IP address can initiate RDP connections to production servers. This is an example of which security principle?

Question 118 (medium, multiple choice)

A user successfully authenticates to a system using a smart card. After authentication, the system checks whether the user's device is compliant with security policies before granting access to the network. This additional check is an example of which security concept?

Question 119 (easy, multi select)

An organization uses a system where users first provide a username and password (Step 1) and then the system checks whether the user has permission to view a specific folder (Step 2). Which two security concepts are demonstrated in this process? (Choose two.)

Question 120 (easy, multiple choice)

A company's security team implements a system where every access attempt to sensitive data is recorded, including who accessed the data and when. The logs are regularly reviewed to detect unauthorized access and to hold users accountable for their actions. Which security goal is primarily being addressed by this logging practice?

Question 121 (hard, multiple choice)

An organization implements a security policy where users must authenticate using a smart card and PIN. After successful authentication, the system checks whether the user's device is managed by the organization and complies with security baselines. If the device is compliant, the user is granted access to the corporate network. If not, access is denied. This approach most directly reflects which security model?

Question 122 (medium, multiple choice)

A company stores critical financial reports in a SharePoint Online library. To ensure that the reports have not been tampered with, the security team compares a calculated hash of each file against a stored baseline. This verification process primarily protects which security goal?

Question 123 (easy, multiple choice)

A financial institution uses digital signatures to sign all transaction records. This ensures that the records have not been altered after signing. Which security goal does this primarily protect?

Question 124 (easy, multi select)

A user logs into a company portal by entering a username and password. After successful login, the system checks if the user is a member of the 'Sales' group and then grants access to the sales dashboard. Which two security concepts are demonstrated in this process? (Choose two.)

Question 125 (easy, multiple choice)

A company uses a hashing algorithm to verify that a downloaded software file has not been tampered with during transmission. This practice primarily protects which security principle?

Question 126 (medium, multiple choice)

An organization adopts a security model that requires explicit verification of every access request, uses least privilege principles, and assumes that a breach has already occurred. Which security model does this describe?

Question 127 (medium, drag order)

Arrange the steps to configure Azure AD Privileged Identity Management (PIM) for a role in the correct order.

Question 128 (medium, drag order)

Order the steps to respond to a data breach using Microsoft 365 Defender incident response.

Question 129 (medium, drag order)

Sequence the steps to configure a retention policy in the Microsoft Purview compliance portal.

Question 130 (medium, matching)

Match each Microsoft security feature to its primary purpose.

Detect and remediate identity-based risks

Discover and control cloud app usage

Classify and protect sensitive data

Protect devices from threats

Shadow IT discovery and threat protection

Question 131 (medium, matching)

Match each Microsoft 365 compliance feature to its function.

Prevent accidental sharing of sensitive info

Record user and admin activity

Keep or delete data for a specified time

Classify and protect content

Track compliance posture and recommendations

Question 132 (medium, matching)

Match each Azure security service to its purpose.

Enforce organizational standards and assess compliance

Define repeatable Azure resources and policies

Unified security management and threat protection

Cloud-native SIEM and SOAR solution

Securely store and manage secrets and keys

Question 133 (medium, multiple choice)

Your organization is implementing a Zero Trust security model. Which Microsoft Entra ID feature should you use to verify that users and devices meet specific health requirements before granting access to corporate resources?

Question 134 (hard, multiple choice)

Your company uses Microsoft Purview Information Protection to classify sensitive data. A user reports that when they try to share a document containing a credit card number via email, the email is blocked. Which Purview feature is most likely causing this behavior?

Question 135 (easy, multiple choice)

Which Microsoft security solution provides centralized investigation and response across identities, endpoints, email, and cloud apps by correlating alerts from multiple sources?

Question 136 (medium, multiple choice)

Your organization is deploying Microsoft Entra ID Governance. You need to automate the process of removing user access to a critical application when the user leaves the company. Which feature should you configure?

Question 137 (hard, multiple choice)

Your company uses Microsoft Defender for Cloud Apps. You notice that a user is downloading large volumes of data from a sanctioned cloud app that exceeds the normal pattern. Which action should you take to automatically block this activity?

Question 138 (easy, multiple choice)

Which of the following is a primary purpose of Microsoft Entra ID Identity Protection?

Question 139 (medium, multiple choice)

Your organization uses Microsoft Sentinel as a SIEM. You need to create a rule that triggers an incident when a user account is created in an Azure subscription and then logs in from an unfamiliar location within 24 hours. Which type of rule should you configure?

Question 140 (hard, multiple choice)

Your company is adopting a Zero Trust network architecture. You need to implement microsegmentation for workloads running in Azure. Which Azure service should you use?

Question 141 (easy, multiple choice)

Which Microsoft cloud service provides a unified data governance solution that helps you manage and protect data across your entire data estate, including multi-cloud and on-premises?

Question 142 (medium, multi select)

Which TWO of the following are components of the Microsoft Entra product family? (Choose two.)

Question 143 (hard, multi select)

Which THREE of the following are capabilities of Microsoft Purview Data Loss Prevention (DLP)? (Choose three.)

Question 144 (easy, multi select)

Which TWO of the following are identity-related security best practices recommended by Microsoft? (Choose two.)

Question 145 (hard, multiple choice)

You are reviewing a Conditional Access policy configuration in Microsoft Entra ID. Based on the exhibit, what is the effect of this policy?

Exhibit

Refer to the exhibit.
```json
{
  "properties": {
    "displayName": "Block high-risk sign-ins",
    "state": "enabled",
    "conditions": {
      "userRiskLevels": [],
      "signInRiskLevels": ["high"]
    },
    "grantControls": {
      "builtInControls": ["block"]
    }
  }
}
```
Question 146 (medium, multiple choice)

You are a security analyst using Microsoft Sentinel. You run the Kusto query shown in the exhibit. What does this query do?

Exhibit

Refer to the exhibit.
```kusto
// KQL query in Microsoft Sentinel
SecurityAlert
| where TimeGenerated > ago(7d)
| where AlertName has "MFA"
| summarize Count = count() by AlertName, bin(TimeGenerated, 1d)
| render timechart
```
Question 147 (easy, multiple choice)

You run the PowerShell command shown in the exhibit. What is the purpose of this command?

Exhibit

Refer to the exhibit.
```powershell
# PowerShell command to assign a sensitivity label
Set-AIPFileLabel -Path "C:\Reports\FinancialReport.docx" -LabelID "e6c3f7b0-1a2b-4c5d-9e8f-0a1b2c3d4e5f" -Justification "Policy update"
```
Question 148 (easy, multiple choice)

Your organization wants to enforce multi-factor authentication (MFA) for all users accessing cloud applications. Which Microsoft Entra ID feature should you configure?

Question 149 (medium, multiple choice)

Your company is implementing a zero-trust security model. Which principle requires verifying every access request as though it originates from an untrusted network, even if the request comes from within the corporate network?

Question 150 (hard, multiple choice)

Your organization uses Microsoft Purview to classify sensitive data. You need to create a custom sensitive information type that detects employee IDs matching the pattern 'EMP-XXXXX' (where X is a digit). Which rule pack element must you define?

Question 151 (easy, multiple choice)

Your organization needs to control which users can access the Microsoft Purview compliance portal. Which method should you use to grant access?

Question 152 (medium, multiple choice)

Your company is implementing data loss prevention (DLP) policies in Microsoft Purview. You need to prevent users from sharing credit card numbers via email. Which type of sensitive information type should you use in the DLP rule?

Question 153 (hard, multiple choice)

Your organization uses Microsoft Defender for Cloud Apps. You need to discover shadow IT usage. Which feature should you enable?

Question 154 (medium, multiple choice)

Your organization wants to use Microsoft Entra ID to provide single sign-on (SSO) for a third-party SaaS application. What must you configure in Microsoft Entra ID?

Question 155 (easy, multiple choice)

Which Microsoft Purview solution should you use to automatically retain or delete content based on regulations?

Question 156 (hard, multiple choice)

Your organization uses Microsoft Sentinel. You need to create a custom analytics rule that triggers an incident when a user executes a specific command on Azure VMs. Which data source should you connect to capture the command execution logs?

Question 157 (medium, multi select)

Which TWO of the following are principles of the Zero Trust security model? (Select two.)

Question 158 (hard, multi select)

Which THREE of the following are capabilities of Microsoft Purview Information Protection? (Select three.)

Question 159 (easy, multi select)

Which TWO of the following are types of identity in Microsoft Entra ID? (Select two.)

Question 160 (medium, multiple choice)

Refer to the exhibit. You have a Conditional Access policy defined in Microsoft Entra ID. What is the effect of this policy?

Exhibit

```json
{
  "ConditionalAccessPolicy": {
    "Name": "Require MFA for External Users",
    "Conditions": {
      "UsersAndGroups": {
        "IncludeExternalUsers": true
      },
      "Applications": {
        "IncludeAll": true
      }
    },
    "Controls": {
      "Grant": {
        "RequireMfa": true
      }
    }
  }
}
```
Question 161 (hard, multiple choice)

Refer to the exhibit. You are configuring a sensitivity label in Microsoft Purview. The label is set to automatically apply when credit card numbers are detected. However, users report that the label is not being applied to documents containing credit card numbers. What is the most likely cause?

Exhibit

```json
{
  "SensitivityLabel": {
    "Name": "Confidential",
    "Protection": {
      "Encryption": {
        "Enabled": true,
        "ProtectionType": "UserDefined",
        "UserPermissions": [
          {
            "User": "user@contoso.com",
            "Rights": ["View", "Edit"]
          }
        ]
      }
    },
    "AutoLabeling": {
      "Rule": {
        "Condition": {
          "ContainsSensitiveInformation": ["Credit Card Number"]
        }
      }
    }
  }
}
```
Question 162 (easy, multiple choice)

Refer to the exhibit. You have a Data Loss Prevention (DLP) policy in Microsoft Purview. What will happen when a user tries to share a document containing a credit card number via email?

Exhibit

```json
{
  "DLPRule": {
    "Name": "Block Credit Card Sharing",
    "Condition": {
      "SensitiveInformation": ["Credit Card Number"]
    },
    "Action": {
      "BlockAccess": true,
      "NotifyUser": {
        "EmailText": "Sharing credit card data is blocked."
      }
    }
  }
}
```
Question 163 (easy, multiple choice)

A company wants to ensure that only authorized users can access sensitive financial data stored in Microsoft SharePoint Online. Which identity feature should they use to require a second form of verification?

Question 164 • medium • multiple choice

Your organization is implementing Microsoft Purview to manage data compliance. They need to automatically detect and protect credit card numbers in emails and documents. Which Microsoft Purview feature should they configure?

Question 165 • hard • multiple choice

A multinational corporation uses Microsoft Entra ID for identity management. They want to allow their external partners to use their own corporate credentials to access the company's resources, rather than creating guest accounts. Which Entra ID feature should they use?

Question 166 • easy • multiple choice

A healthcare organization must comply with HIPAA regulations regarding the protection of patient health information (PHI). Which cloud compliance concept ensures that the organization has controls in place to meet regulatory requirements?

Question 167 • medium • multiple choice

Your company uses Microsoft Defender for Cloud to assess security posture. A recommendation states that virtual machines should have just-in-time (JIT) network access enabled. What is the primary security benefit of enabling JIT?

Question 168 • hard • multiple choice

A Microsoft 365 organization needs to classify and protect sensitive documents based on their content, such as passport numbers. They want the classification to be applied automatically without user intervention. Which Microsoft Purview solution should they use?

Question 169 • easy • multi select

Which TWO of the following are purposes of the 'Zero Trust' security model?

Question 170 • medium • multi select

Which THREE of the following are key concepts of identity management in Microsoft Entra ID?

Question 171 • hard • multi select

Which TWO of the following are features of Microsoft Purview Audit?

Question 172 • hard • multiple choice

You are the security architect for a multinational organization that uses Microsoft 365 E5, Microsoft Entra ID P2, and Microsoft Purview. The company has 10,000 employees across five regions. The legal department requires that all documents containing personally identifiable information (PII) of European Union citizens be automatically labeled with a 'Highly Confidential' sensitivity label and encrypted. Additionally, any sharing of such documents with external users must be blocked unless the sender explicitly justifies the business need. The solution must minimize manual user intervention. You need to design a Microsoft Purview configuration. What should you do?

Question 173 • medium • multiple choice

Your company has a Microsoft 365 E5 subscription and uses Microsoft Teams for collaboration. The security team needs to ensure that guest users invited to Teams channels are required to pass multi-factor authentication (MFA) before accessing company resources. Currently, guest users are invited via Entra ID External ID but MFA is not enforced. You need to enforce MFA for all guest users. The solution should apply to all guest users across all applications. What should you configure?

Question 174 • easy • multiple choice

A small business uses Microsoft 365 Business Premium. The owner wants to ensure that employees can access their email and files from anywhere, but only from trusted devices that comply with company security policies (e.g., have antivirus enabled and are up-to-date). They have heard about Microsoft Intune but are not sure if it's included. You need to recommend a solution that enforces device compliance for accessing company data. What should you do?

Question 175 • medium • multiple choice

Your organization uses Microsoft Entra ID for identity management. You need to ensure that users can sign in using their social media accounts, such as Google or Facebook. Which feature should you configure?

Question 176 • hard • multiple choice

A company is implementing Microsoft Purview Information Protection. They want to automatically apply a 'Confidential' sensitivity label to emails containing credit card numbers. Which policy should they configure?

Question 177 • easy • multiple choice

Your organization uses Microsoft Defender XDR. The security team wants a central dashboard showing the overall security posture and recommended actions. Which tool should they use?

Question 178 • hard • multiple choice

A company is planning to use Copilot for Microsoft 365. To ensure that Copilot responses are based only on data accessible to the user, which principle must be enforced?

Question 179 • medium • multi select

Which TWO components are part of the 'Zero Trust' security model? (Choose two.)

Question 180 • easy • multi select

Which TWO of the following are benefits of using Microsoft Entra ID for identity management? (Choose two.)

Question 181 • hard • multi select

Which THREE of the following are capabilities of Microsoft Purview Compliance Manager? (Choose three.)

Question 182 • hard • multiple choice

You are a security administrator for Contoso Ltd., a global financial services company with 5,000 employees. The company uses Microsoft 365 E5 licenses and has deployed Microsoft Entra ID, Microsoft Defender XDR, Microsoft Purview, and Microsoft Intune. Recently, the security team identified a risk: employees are sharing sensitive financial reports with external email recipients without encryption. To address this, you need to implement a solution that automatically applies encryption to emails containing the sensitive information type 'U.S. Bank Account Number' when sent to external recipients. The solution must not block the email but should encrypt it. Additionally, you want to notify the sender with a policy tip that the email will be encrypted. You have access to the Microsoft Purview compliance portal. What should you configure?

Question 183 • medium • multiple choice

You work for a healthcare organization that uses Microsoft 365 E5 licenses. The organization must comply with HIPAA regulations. You need to ensure that electronic protected health information (ePHI) is classified and protected. Specifically, you want to automatically detect and apply a 'Highly Confidential' sensitivity label to documents containing medical record numbers, and also prevent users from sharing these documents externally via email. You have Microsoft Purview deployed. What should you implement first?

Question 184 • easy • multiple choice

Your organization is adopting a Zero Trust security model. You are tasked with implementing identity protection. The requirements are: enforce multi-factor authentication (MFA) for all users when accessing cloud applications, ensure that risky sign-ins are detected and blocked automatically, and provide administrators with a dashboard showing user risk levels. You have Microsoft Entra ID P2 licenses. What should you configure?

Question 185 • medium • multiple choice

You are a compliance officer for a law firm that uses Microsoft 365 E5 licenses. The firm must comply with GDPR. You need to implement a solution that automatically identifies personal data (e.g., email addresses) in SharePoint Online documents and applies a 'GDPR-Protected' sensitivity label. Additionally, you need to ensure that if a user attempts to share a labeled document externally, they receive a policy tip warning about GDPR compliance, but the share is not blocked. You have Microsoft Purview. What should you configure?

Question 186 • hard • multiple choice

Your organization uses Microsoft Intune and Microsoft Entra ID. You need to enforce that only compliant and managed devices can access corporate email in Microsoft 365. Additionally, if a device is jailbroken, access should be blocked. You also want to provide a seamless sign-in experience for compliant devices. You have Microsoft Entra ID P1 licenses. What should you configure?

Question 187 • medium • multiple choice

Your organization wants to ensure that only users with a specific sensitivity label can access a SharePoint site. Which Microsoft Purview feature should you configure?

Question 188 • hard • multiple choice

A company deploys Microsoft Defender for Cloud Apps. They want to detect when a user downloads more than 100 files from SharePoint in 10 minutes. Which policy type should they create?

Question 189 • easy • multiple choice

A user reports that they cannot access a sensitive document in SharePoint. The document has a sensitivity label of 'Highly Confidential' applied. The user is a member of the 'Finance' group, which has the label permission. However, the user is located in a country that is blocked by a conditional access policy. What is the most likely reason the user cannot access the document?

Question 190 • medium • multiple choice

Your organization uses Microsoft Entra ID for identity management. You need to implement a solution that allows external partners to access resources using their own identity provider. Which Microsoft Entra feature should you use?

Question 191 • hard • multiple choice

A company uses Microsoft Defender for Endpoint. An alert indicates that a device is communicating with a known malicious IP address. The security team wants to automatically block the IP address on all devices. Which action should they configure?

Question 192 • easy • multiple choice

An organization wants to classify and label data automatically based on sensitive content patterns such as credit card numbers. Which Microsoft Purview solution should they use?

Question 193 • medium • multiple choice

Your company uses Microsoft Intune for device management. You need to ensure that all company data on a user's personally owned device is removed when the user is offboarded, but the user's personal data should remain. Which wipe action should you use?

Question 194 • hard • multiple choice

A security administrator receives an alert from Microsoft Sentinel about a possible brute-force attack against a virtual machine. The administrator wants to automatically block the attacker's IP address for 24 hours using a playbook. Which automation trigger should the playbook use?

Question 195 • medium • multiple choice

Your organization uses Microsoft Purview to enforce retention policies. You need to retain all documents in a specific SharePoint site for 5 years after they are created, and then delete them permanently. What should you configure?

Question 196 • medium • multi select

Which TWO are principles of the Zero Trust security model?

Question 197 • hard • multi select

Which THREE are capabilities of Microsoft Defender XDR?

Question 198 • easy • multi select

Which TWO are features of Microsoft Entra ID?

Question 199 • medium • multiple choice

You find the JSON shown in the exhibit in a SharePoint document's metadata. Based on the exhibit, what is the effect of the label applied to the document?

Exhibit

Refer to the exhibit.

```json
{
  "properties": {
    "contentType": {
      "id": "0x010100B0C6F9B7D9F14F4A9A3B0C6F9B7D9F14"
    },
    "title": "Confidential Document",
    "labels": [
      {
        "name": "Confidential",
        "action": "encrypt",
        "protection": {
          "type": "user",
          "value": "finance@contoso.com"
        }
      }
    ]
  }
}
```
Question 200 • hard • multiple choice

You run the KQL query shown in the exhibit in Microsoft Sentinel. What is the purpose of this query?

Exhibit

Refer to the exhibit.

```kusto
SigninLogs
| where TimeGenerated > ago(1d)
| where UserPrincipalName == "user@contoso.com"
| summarize signinCount = count() by IPAddress
| where signinCount > 10
```
Question 201 • easy • multiple choice

You run the PowerShell command shown in the exhibit in your Microsoft Entra ID environment. What is the command retrieving?

Exhibit

Refer to the exhibit.

```powershell
Get-AzureADPolicy | Where-Object {$_.Type -eq "TokenLifetimePolicy"}
```
Question 202 • easy • multiple choice

A company wants to ensure that only users with appropriate permissions can access sensitive data stored in Microsoft SharePoint Online. Which principle should they implement?

Question 203 • medium • multiple choice

A healthcare organization must comply with HIPAA regulations. They use Microsoft Purview to classify and label patient data. Which Microsoft Purview capability helps them enforce data protection policies automatically?

Question 204 • hard • multiple choice

A multinational corporation wants to implement a Zero Trust security model. They plan to verify every access request explicitly, use least privilege access, and assume breach. Which Microsoft security solution should they use to enforce conditional access policies based on user, device, location, and risk?

Question 205 • easy • multiple choice

A small business wants to enable single sign-on (SSO) for its employees using their existing on-premises Active Directory. They plan to migrate to cloud-based identity management. Which Microsoft service should they use to connect their on-premises directory to Microsoft Entra ID?

Question 206 • medium • multiple choice

An organization wants to ensure that its security team can quickly identify and respond to threats across all workloads, including identities, endpoints, email, and cloud apps. Which Microsoft security solution provides a unified incident management experience?

Question 207 • hard • multiple choice

A financial services company needs to comply with GDPR and requires that personal data be automatically classified and protected when stored in Microsoft SharePoint and OneDrive. They also need to retain certain records for a minimum of 7 years. Which combination of Microsoft Purview capabilities should they use?

Question 208 • easy • multiple choice

A user reports that they cannot access a sensitive document in SharePoint Online. The administrator checks the document's permissions and sees that the user is not listed directly, but a group they belong to has been granted access. Which identity concept describes this scenario?

Question 209 • medium • multiple choice

An organization uses Microsoft Intune to manage devices. They want to ensure that only devices that are compliant with security policies (e.g., encryption enabled, latest patches) can access corporate email. Which Microsoft Entra feature should they use to enforce this requirement?

Question 210 • hard • multiple choice

A company is designing a data governance strategy using Microsoft Purview. They need to allow data owners to define custom attributes for data assets and control who can access those assets. Which Purview feature should they use?

Question 211 • medium • multi select

Which TWO of the following are benefits of using Microsoft Entra ID for identity management?

Question 212 • hard • multi select

Refer to the exhibit. An administrator deploys this Azure Resource Manager template. Which TWO of the following statements are true?

Exhibit

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Authorization/policyAssignments",
      "apiVersion": "2021-06-01",
      "name": "audit-sql-encryption",
      "properties": {
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f",
        "parameters": {
          "effect": {
            "value": "AuditIfNotExists"
          }
        }
      }
    }
  ]
}
```
Question 213 • easy • multi select

Which THREE of the following are components of the Zero Trust security model?

Question 214 • medium • multiple choice

Refer to the exhibit. A security administrator is reviewing an Azure Resource Manager template for a virtual machine. What is the purpose of the 'identity' section shown?

Exhibit

```json
{
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/12345/resourcegroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1": {}
    }
  }
}
```
Question 215 • hard • multiple choice

Refer to the exhibit. A security analyst runs this Microsoft Graph PowerShell command. What is the most likely purpose of this command?

Exhibit

```json
{
  "command": "Get-MgUser -Filter \"startsWith(userPrincipalName,'j')\" | Select-Object Id, UserPrincipalName, DisplayName"
}
```
Question 216 • easy • multiple choice

Refer to the exhibit. A security analyst runs this Kusto Query Language (KQL) query in Microsoft Sentinel. What is being identified?

Exhibit

```json
{
  "query": "SigninLogs | where TimeGenerated > ago(1d) | where ResultType == 50057 | project UserPrincipalName, IPAddress, TimeGenerated"
}
```
Question 217 • medium • multiple choice

A company wants to ensure that all users access corporate resources using multi-factor authentication (MFA). Which Microsoft Entra ID feature should they configure to enforce MFA for all users?

Question 218 • medium • multiple choice

An organization uses Microsoft Purview to manage data compliance. They need to automatically detect and protect credit card numbers stored in SharePoint Online. Which Microsoft Purview solution should they implement?

Question 219 • hard • multiple choice

A security analyst needs to investigate a potential ransomware attack affecting multiple endpoints. They want to centralize detection and response across devices, email, and applications. Which Microsoft solution should they use?

Question 220 • easy • multiple choice

Which Microsoft Entra ID feature allows an organization to provide external partners with access to its applications while maintaining control over authentication and governance?

Question 221 • medium • multiple choice

A company requires that all sensitive data in Microsoft Teams messages be automatically encrypted and labeled with a 'Confidential' tag. Which Microsoft Purview solution should they use?

Question 222 • easy • multiple choice

An organization wants to use a cloud-based SIEM to collect security data from multiple sources, including on-premises servers and cloud applications. Which Microsoft solution should they choose?

Question 223 • hard • multiple choice

A company uses Microsoft Purview to classify and protect data. They need to ensure that when a user attempts to share a file containing a credit card number externally, the file is blocked and the user is prompted with a policy tip. Which type of Microsoft Purview policy should they configure?

Question 224 • medium • multiple choice

An organization wants to enable passwordless authentication for its users by using a mobile app. Which Microsoft Entra ID authentication method should they implement?

Question 225 • hard • multiple choice

A company uses Microsoft Defender for Cloud to secure its hybrid cloud environment. They need to continuously assess compliance with regulatory standards like ISO 27001 and receive recommendations for remediation. Which feature should they enable?

Question 226 • medium • multi select

Which TWO of the following are components of the Microsoft Security Development Lifecycle (SDL)? (Choose two.)

Question 227 • hard • multi select

Which THREE of the following are core principles of the Zero Trust security model? (Choose three.)

Question 228 • easy • multi select

Which TWO of the following are Microsoft Entra ID editions that include Identity Protection? (Choose two.)

Question 229 • hard • multiple choice

You are the security administrator for Contoso Corporation. The company uses Microsoft 365 E5 licenses, which include Microsoft Entra ID P2, Microsoft Purview, and Microsoft Defender XDR. Contoso has a hybrid identity environment with Microsoft Entra Connect syncing on-premises Active Directory to Microsoft Entra ID. The company recently experienced a data breach where an attacker compromised a user's credentials and exfiltrated sensitive customer data from SharePoint Online. The investigation revealed that the compromised user did not have MFA enabled and had admin consent to a malicious third-party OAuth app. To prevent future incidents, management has mandated the following requirements: (1) Enforce MFA for all users, especially those accessing sensitive data. (2) Block all OAuth apps that are not pre-approved by IT. (3) Detect and respond to identity-based threats in real-time. (4) Classify and protect sensitive data in SharePoint and Teams. You need to recommend a solution that meets all requirements. Which combination of Microsoft security solutions should you implement?

Question 230 • medium • multiple choice

Your organization is implementing a new policy to ensure that only authorized users can access sensitive financial data stored in Microsoft SharePoint Online. The security team wants to enforce multi-factor authentication (MFA) for all users accessing this data, but only when accessing from outside the corporate network. Which Microsoft Entra ID conditional access policy setting should you configure to meet this requirement?

Question 231 • hard • multi select

A company wants to implement a Zero Trust security model. Which TWO of the following are core principles of Zero Trust?

Question 232 • easy • multi select

A company is implementing data classification in Microsoft Purview. Which THREE of the following are types of sensitive information that can be detected using built-in sensitive information types?

Question 233 • easy • multiple choice

Refer to the exhibit. You are reviewing a conditional access policy in Microsoft Entra ID. The policy is enabled and applies to all cloud apps. Which users are affected by this policy?

Exhibit

Refer to the exhibit.

```json
{
  "properties": {
    "displayName": "MFA for Admins",
    "state": "enabled",
    "conditions": {
      "applications": {
        "includeApplications": ["All"]
      },
      "users": {
        "includeRoles": ["Global Administrator", "Exchange Administrator"]
      },
      "locations": {
        "includeLocations": ["All"]
      }
    },
    "grantControls": {
      "builtInControls": ["mfa"]
    }
  }
}
```
Question 234 • hard • multiple choice

Contoso Ltd. is a financial services company that must comply with strict regulatory requirements. They use Microsoft 365 E5, Microsoft Entra ID P2, Microsoft Purview, and Microsoft Defender for Cloud Apps. The compliance team needs to implement a data loss prevention (DLP) policy that detects and prevents the sharing of credit card numbers in Microsoft Teams messages. Additionally, they want to ensure that only users with a specific custom sensitivity label can access documents containing credit card numbers. The sensitivity label is named 'Financial-Confidential' and is applied automatically via auto-labeling. The DLP policy should block sharing of credit card numbers in Teams but allow users to override the block with a business justification. Which combination of actions should you configure in the Microsoft Purview DLP policy to meet these requirements?

Question 235 • medium • multiple choice

Fabrikam Inc. is a global manufacturing company that uses Microsoft Entra ID for identity management. They have recently experienced a security incident where an attacker compromised a user account and accessed sensitive intellectual property. The security team wants to implement identity protection measures to detect and respond to such attacks in the future. They need a solution that can automatically detect suspicious sign-in behavior, such as impossible travel and anomalous token issuance, and then take action to block the sign-in or require additional verification. Additionally, they want to integrate threat intelligence feeds to improve detection. Which Microsoft security solution should they use to meet these requirements?
