Common Traps on Which Command Should the Administrator Use Practice Questions
- ·Separate verification commands from configuration commands.
- ·Read whether the question asks to identify, verify, fix, permit or deny.
- ·Small command keywords often change the correct answer.
Sample Questions
Practice all 15 →A company configures its access control system so that each user can only access the data and perform actions that are strictly necessary for their job role. This configuration is a direct implementation of which security principle?
Explanation: The principle of least privilege states that users should be granted only the minimum level of access (permissions) needed to perform their job functions. Role-based access control (RBAC) is often used to enforce this principle. Defense in depth uses multiple layers of security. Separation of duties prevents a single individual from having conflicting roles (e.g., authorizing and executing a transaction). Zero trust is a broader security model that assumes no implicit trust and requires continuous verification.
A company has a SharePoint Online site that stores project documents. Due to legal requirements, all documents in this site must be retained for exactly 5 years from the date they were created, and then automatically deleted. No user should be able to permanently delete a document before the retention period ends. Which Microsoft Purview solution should the administrator configure?
Explanation: A retention policy in Microsoft Purview can be applied to a SharePoint site to enforce a specified retention period (e.g., 5 years) and then automatically delete the content. Retention policies prevent users from permanently deleting content before the retention period ends. A sensitivity label is used for classification and protection (encryption, access control), not retention alone. A data loss prevention (DLP) policy prevents sharing of sensitive data but does not enforce retention. An audit policy enables logging but does not enforce retention or deletion.
A company configures its identity and access management system so that employees are granted only the permissions necessary to perform their job functions. For example, a sales representative has read-only access to the customer database and cannot modify financial records. Which security principle is being applied in this scenario?
Explanation: The principle of least privilege dictates that users should be granted the minimum level of access required to accomplish their tasks. This reduces the risk of accidental or malicious misuse of permissions. Segregation of duties involves splitting critical tasks among multiple people to prevent fraud. Defense in depth uses multiple layers of security controls. Zero Trust is a broader security model that assumes no implicit trust. The scenario directly describes least privilege.
A company has an on-premises Active Directory domain and uses Microsoft Entra ID (Azure AD) for cloud applications. They purchase new Windows 10 laptops that are not yet joined to any domain. The IT admin wants users to be able to sign in with their existing on-premises credentials and automatically have the laptops joined to both the on-premises AD domain and Microsoft Entra ID. Which device identity option should the admin configure?
Explanation: Microsoft Entra hybrid join allows a device to be joined to both an on-premises Active Directory domain and Microsoft Entra ID. This enables single sign-on to both on-premises and cloud resources and allows Conditional Access policies based on the device. Microsoft Entra joined devices are cloud-only, registered devices are only registered but not joined, and on-premises domain join alone does not integrate with Azure AD.
A company is subject to a legal hold for an ongoing investigation. The IT administrator must prevent the deletion of any documents related to this case across SharePoint Online and OneDrive, overriding any existing deletion policies. Which Microsoft Purview capability should the administrator use?
Explanation: eDiscovery (Premium) in Microsoft Purview includes features such as holds, which allow organizations to preserve content relevant to legal cases. A hold overrides any deletion policies (e.g., from Data Lifecycle Management) and ensures that the content is retained until the hold is removed. Data Lifecycle Management is used for routine retention and deletion based on policy, but holds take precedence. Audit (Premium) tracks activities but does not preserve data. Communication Compliance monitors communications for policy violations but does not prevent deletion.
+10 more scenario questions available
Practice all Which Command Should the Administrator Use Practice QuestionsRelated Topics
Frequently asked questions
How do "Which Command Should the Administrator Use Practice Questions" appear on the real SC-900?
Practise command-choice questions where the task is to identify the correct verification, configuration or troubleshooting command. These appear throughout the SC-900 and require you to apply your knowledge, not just recall facts.
How many scenario questions are on the SC-900 exam?
Cisco doesn't publish an exact breakdown, but scenario-based questions (especially exhibit and command-output formats) make up a significant portion of the SC-900. Practicing each scenario type ensures you're ready for any format.
Are these SC-900 scenario practice questions free?
Yes — all scenario practice on Courseiva is completely free. Sign up for a free account to track your progress and see which scenario types you've mastered.
Ready to practice this scenario type?
Launch a full Which Command Should the Administrator Use Practice Questions session with instant scoring and detailed explanations.
Start Scenario Practice →