Question 1mediummultiple choice
Full question →SC-900 · topic practice
Describe The Capabilities Of Microsoft Entra practice questions
Use this page to practise SC-900 Describe The Capabilities Of Microsoft Entra practice questions. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.
20 questionsDomain: Describe The Capabilities Of Microsoft Entra
What the exam tests
What to know about Describe The Capabilities Of Microsoft Entra
Describe The Capabilities Of Microsoft Entra questions test whether you can apply the concept in context, not just recognise a definition.
How the topic appears in realistic exam-style scenarios.
Which detail in the question changes the correct answer.
How to eliminate plausible but wrong options.
How to connect the question back to the wider exam objective.
Practice set
Describe The Capabilities Of Microsoft Entra questions
20 questions · select your answer, then reveal the explanation
Question 2mediummultiple choice
Full question →A company uses a cloud-based SaaS (Software as a Service) application for customer relationship management. According to the shared responsibility model, which security responsibility is primarily handled by the customer?
Question 3hardmultiple choice
Full question →A company runs a mix of on-premises servers and Azure virtual machines. They deploy Microsoft Defender for Endpoint on all servers. The security team wants to create custom queries to hunt for a specific attack pattern that involves a sequence of events across multiple machines, such as a PowerShell script being downloaded and then executed on several servers. They need to write their own detection rules based on advanced hunting data. Which Microsoft 365 Defender capability should they use?
Question 4mediummultiple choice
Full question →A company runs a consumer-facing e-commerce website and wants to allow customers to sign in using their existing social media accounts such as Google, Facebook, or LinkedIn. Which Microsoft Entra ID solution should they implement?
Question 5easymultiple choice
Full question →A company has a hybrid identity environment with Active Directory synchronizing to Microsoft Entra ID. They want users to be able to reset their own on-premises passwords via the cloud SSPR portal. What is the minimum license required for this capability?
Question 6easymultiple choice
Full question →A company uses a cloud-based Customer Relationship Management (CRM) system that is delivered as Software-as-a-Service (SaaS). According to the shared responsibility model, which security responsibility is primarily handled by the customer?
Question 7mediummultiple choice
Full question →A company has implemented a security model where every access request is fully authenticated, authorized, and encrypted before granting access, regardless of where the request originates (corporate network or internet). The model assumes that no entity is inherently trustworthy and requires continuous verification. This model is known as:
Question 8easymultiple choice
Full question →A company assigns permissions to users based strictly on their job title (e.g., Sales Manager can edit documents, Sales User can only read). Which identity and access management concept is being implemented?
Question 9hardmultiple choice
Full question →A company deploys a custom web application on Azure App Service (PaaS). The application stores user data in Azure SQL Database. The security team is responsible for securing the application code, managing authentication, and configuring TLS for data in transit. According to the Microsoft shared responsibility model, which security responsibility remains with Microsoft for this PaaS deployment?
Question 10hardmultiple choice
Full question →A company deploys a custom web application on Azure App Service (PaaS). The application stores data in Azure SQL Database. The security team needs to identify which security responsibilities fall under the customer according to the Microsoft shared responsibility model. Which of the following is primarily the customer's responsibility for this PaaS deployment?
Question 11mediummultiple choice
Full question →A company deploys a virtual machine on Azure IaaS. According to the Microsoft shared responsibility model, which of the following security responsibilities is primarily the customer's responsibility?
Question 12easymultiple choice
Full question →A company configures its access control system so that each user can only access the data and perform actions that are strictly necessary for their job role. This configuration is a direct implementation of which security principle?
Question 13mediummultiple choice
Full question →A company has a policy that prohibits employees from sharing confidential customer data with unauthorized parties. The compliance team needs to detect patterns of unusual user activity that may indicate insider data theft, such as downloading large volumes of data to a personal device or emailing sensitive files to external recipients. They also want to investigate the activity and take remediation actions like generating a case for litigation or notifying the user's manager. Which Microsoft Purview solution should they use?
Question 14easymultiple choice
Full question →A company has a document management system. The security policy requires that a user in the Sales department can only view documents related to sales and cannot access documents in the Finance or HR folders. Which security principle is being applied?
Question 15hardmultiple choice
Full question →A company deploys a custom application on Azure App Service (PaaS). Which of the following security responsibilities falls completely under the customer's scope according to the shared responsibility model?
Question 16easymultiple choice
Full question →A company has a SharePoint Online site that stores project documents. Due to legal requirements, all documents in this site must be retained for exactly 5 years from the date they were created, and then automatically deleted. No user should be able to permanently delete a document before the retention period ends. Which Microsoft Purview solution should the administrator configure?
Question 17easymultiple choice
Full question →A company implements a security measure to ensure that only authorized employees can view sensitive customer records. Which principle of the CIA triad does this measure primarily protect?
Question 18easymultiple choice
Full question →A company configures its identity and access management system so that employees are granted only the permissions necessary to perform their job functions. For example, a sales representative has read-only access to the customer database and cannot modify financial records. Which security principle is being applied in this scenario?
Question 19mediummultiple choice
Full question →A company has an on-premises Active Directory domain and uses Microsoft Entra ID (Azure AD) for cloud applications. They purchase new Windows 10 laptops that are not yet joined to any domain. The IT admin wants users to be able to sign in with their existing on-premises credentials and automatically have the laptops joined to both the on-premises AD domain and Microsoft Entra ID. Which device identity option should the admin configure?
Question 20mediummultiple choice
Full question →A company has deployed Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps. The security operations team wants a single, unified portal where they can view alerts from all these products, perform cross-domain investigations, and orchestrate automated response actions. Which Microsoft security solution should they use?
Watch out for
Common Describe The Capabilities Of Microsoft Entra exam traps
- ▸Answering from memory before reading the full scenario.
- ▸Missing a constraint such as cost, availability, security, scope or command context.
- ▸Choosing a broad answer when the question asks for the most specific fix.
- ▸Ignoring why the wrong options are tempting.
Free account
Track your progress over time
Create a free account to save your results and see which topics improve across sessions.
Focused Describe The Capabilities Of Microsoft Entra sessions
Start a Describe The Capabilities Of Microsoft Entra only practice session
Every question in these sessions is drawn from the Describe The Capabilities Of Microsoft Entra domain — nothing else.
Related practice questions
Related SC-900 topic practice pages
Move into related areas when this topic feels solid.
Frequently asked questions
- What does the SC-900 exam test about Describe The Capabilities Of Microsoft Entra?
- Describe The Capabilities Of Microsoft Entra questions test whether you can apply the concept in context, not just recognise a definition.
- How should I use these practice questions?
- Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
- Can I practise just Describe The Capabilities Of Microsoft Entra questions in a focused session?
- Yes — the session launcher on this page draws every question from the Describe The Capabilities Of Microsoft Entra domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
- Where can I practise other SC-900 topics?
- Use the topic links above to move to related areas, or go back to the SC-900 question bank to see all topics.
- Are these real exam questions or dumps?
- These are original practice questions written to test the same concepts the SC-900 exam covers. They are not copied from any real exam or dump site.
Describe The Capabilities Of Microsoft Entra only
Mixed SC-900 sessionTrack your progress
A free account saves results across sessions and highlights which topics need work.
Sign up freeStudy resources
Exam traps to avoid
- ▸Answering from memory before reading the full scenario.
- ▸Missing a constraint such as cost, availability, security, scope or command context.
- ▸Choosing a broad answer when the question asks for the most specific fix.
- ▸Ignoring why the wrong options are tempting.