SC-900 · topic practice

Describe the capabilities of Microsoft Entra practice questions

Practise Microsoft Security, Compliance, and Identity Fundamentals SC-900 Describe the capabilities of Microsoft Entra practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Describe the capabilities of Microsoft Entra

What the exam tests

What to know about Describe the capabilities of Microsoft Entra

Describe the capabilities of Microsoft Entra questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Describe the capabilities of Microsoft Entra exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Describe the capabilities of Microsoft Entra questions

20 questions · select your answer, then reveal the explanation

A company wants to require multi-factor authentication (MFA) for all users accessing a financial application, but only when they sign in from outside the corporate network. Which Microsoft Entra ID feature should be used?

An organization uses Microsoft Entra ID Protection. A user's sign-in is flagged with a risk level of 'High' because of an anonymous IP address. The administrator wants to automatically block the sign-in while allowing the user to self-remediate. Which should be configured?

A company manages Azure resources for multiple departments. The security team needs to grant IT administrators temporary, just-in-time access to high-privilege roles (e.g., Contributor, Owner) only when needed, with approval workflows. Which Microsoft Entra ID capability should they configure?

A company uses Microsoft Entra ID and needs to regularly review membership of a group that grants access to a sensitive HR application. The identity team wants to automate quarterly reviews and automatically remove users who fail to respond or are denied by the reviewer. Which Microsoft Entra ID feature should they use?

A company uses Microsoft Entra ID and wants to enforce multi-factor authentication (MFA) only for external guest users, while allowing internal employees to sign in without MFA. Which Conditional Access setting should be configured?

A company wants to block all sign-ins using legacy authentication protocols because these protocols do not support multi-factor authentication (MFA). Which component of a Microsoft Entra ID Conditional Access policy should be configured to achieve this?

An organization uses Microsoft Intune to manage devices. They want to ensure that only devices marked as compliant can access corporate email in Exchange Online. Which Conditional Access component should they configure?

A company uses Microsoft Entra ID. The IT department wants to automatically assign a Microsoft 365 E5 license to all users in the Sales department based on their department attribute. Which Microsoft Entra ID feature should they use?

A security team is using Microsoft Entra ID Protection. They want to automatically block sign-ins from known malicious IP addresses, but if a user's account is compromised (e.g., leaked credentials), they want to force the user to change their password upon next sign-in. Which two risk policies should they configure? (Select all that apply.)

A company uses Microsoft Entra ID and wants to allow external business partners to request access to a specific application through an approval process. The access should be time-limited and automatically expired. Which Microsoft Entra ID feature should be configured?

A company wants to allow its employees to reset forgotten passwords or unlock their accounts without contacting the help desk. The solution must verify the user's identity using a phone call or mobile app notification before allowing the action. Which Microsoft Entra ID feature should be enabled?

A company runs a consumer-facing e-commerce website and wants to allow customers to sign in using their existing social media accounts such as Google, Facebook, or LinkedIn. Which Microsoft Entra ID solution should they implement?

Question 13mediummultiple choice
Read the full VPN explanation →

A company has several on-premises web-based applications that need to be securely accessed by remote employees without requiring a VPN. The IT team wants to provide single sign-on (SSO) using Microsoft Entra ID. Which Microsoft Entra ID feature should they implement?

A company wants to allow external business partners to access its internal applications using their own corporate credentials (e.g., their Microsoft Entra ID or Google account), without creating separate user accounts in the company's directory. Which Microsoft Entra ID feature should they use?

A company needs to grant IT administrators temporary and time-limited access to privileged roles in Microsoft Entra ID (Azure AD). The access must require approval from a manager and be automatically revoked after the task is completed. Which Microsoft Entra ID feature should be used?

A company requires that all users accessing a financial application from outside the corporate network must complete multi-factor authentication (MFA). The IT team is configuring a Microsoft Entra ID Conditional Access policy to enforce this requirement. Which component of the policy should be configured to apply the MFA requirement?

Question 17mediummultiple choice
Read the full VPN explanation →

A company uses Microsoft Entra ID. The IT team wants to provide remote employees with secure, single sign-on (SSO) access to a critical on-premises web application that uses password-based authentication, without requiring a VPN connection. Which Microsoft Entra ID feature should they use?

Question 18mediummultiple choice
Read the full NAT/PAT explanation →

A multinational corporation uses Microsoft Entra ID. The IT department wants to allow regional IT administrators in Europe to manage users and groups only for their own region, without granting them permissions to manage users in other regions. Which Microsoft Entra ID feature should they use?

A company uses Microsoft Entra ID. The security team wants to configure a policy so that when a user signs in from an unfamiliar location (not on the company's trusted IP ranges) or from an unfamiliar device, they are prompted for additional verification (e.g., MFA). However, if the sign-in is from a trusted location (e.g., office IP range) and a known device, no additional verification is required. Which Microsoft Entra ID feature should they configure?

A security administrator at an organization using Microsoft Entra ID needs to automatically detect user sign-ins that exhibit risky behavior, such as signing in from a suspicious IP address or using leaked credentials. The administrator also wants the system to automatically calculate a risk level for each user and take actions like requiring a password reset when risk is high. Which Microsoft Entra ID feature should the administrator use?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Describe the capabilities of Microsoft Entra sessions

Start a Describe the capabilities of Microsoft Entra only practice session

Every question in these sessions is drawn from the Describe the capabilities of Microsoft Entra domain — nothing else.

Related practice questions

Related SC-900 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the SC-900 exam test about Describe the capabilities of Microsoft Entra?
Describe the capabilities of Microsoft Entra questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Describe the capabilities of Microsoft Entra questions in a focused session?
Yes — the session launcher on this page draws every question from the Describe the capabilities of Microsoft Entra domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other SC-900 topics?
Use the topic links above to move to related areas, or go back to the SC-900 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the SC-900 exam covers. They are not copied from any real exam or dump site.