SC-900 · topic practice

Describe the capabilities of Microsoft security solutions practice questions

Practise the Microsoft Security, Compliance, and Identity Fundamentals (SC-900) domain "Describe the capabilities of Microsoft security solutions" with original exam-style scenarios, answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Describe the capabilities of Microsoft security solutions

What the exam tests

What to know about Describe the capabilities of Microsoft security solutions

Describe the capabilities of Microsoft security solutions questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Describe the capabilities of Microsoft security solutions exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Describe the capabilities of Microsoft security solutions questions

20 questions · select your answer, then reveal the explanation

A security administrator is using Microsoft Defender for Cloud to improve the security posture of Azure resources. The administrator wants to view a consolidated assessment of compliance with industry standards such as CIS and NIST. Which feature should be used?

An organization uses Microsoft 365 Defender. The security team receives an alert about a potential malware outbreak on multiple endpoints, and they need an integrated view that correlates signals from various Microsoft security solutions. Which Microsoft 365 Defender portal component provides this unified view?

A security team is evaluating Microsoft security solutions to monitor user activities across multiple SaaS applications, including Salesforce and Dropbox, for signs of compromised accounts and data exfiltration. Which solution is specifically designed for this purpose?

A company manages Azure virtual machines and on-premises servers. The security team needs a single dashboard that provides a secure score and actionable recommendations to improve the security posture across both environments. Which Microsoft solution should be used?

A company has deployed Microsoft 365 Defender to unify threat detection and response. Which two components are included within the Microsoft 365 Defender integrated solution? (Select all that apply.)

Question 6 · hard · multiple choice

A security analyst is using Microsoft 365 Defender to investigate a sophisticated multi-stage attack. The analyst needs to query data across endpoints, email, and identity logs to identify the attacker's behavior patterns and correlate events. Which Microsoft 365 Defender capability should the analyst use?

A company wants to reduce the attack surface on its Windows devices by blocking common techniques used by malware, such as preventing Office applications from creating child processes or blocking executable files from running from the %TEMP% folder. Which Microsoft Defender for Endpoint feature should be configured?

A company uses Microsoft 365 and is concerned about phishing attacks targeting employees. They want to deploy a solution that can automatically analyze email messages for malicious links and attachments, and also provide click-time protection by rewriting URLs. Which Microsoft 365 Defender component should they use?

A security administrator needs to identify and remediate misconfigurations in Azure resources that could lead to security breaches. They want a central dashboard that provides a secure score based on security controls and recommendations. Which Microsoft solution should they use?

Question 10 · medium · multiple choice

A security operations center (SOC) team needs to collect security logs from Azure services, on-premises servers, and third-party firewalls. They want a cloud-native solution that provides advanced threat detection through analytics, machine learning, and the ability to hunt for threats across all data sources. Which Microsoft solution should they deploy?

A security team needs to detect and investigate advanced attacks targeting on-premises Active Directory accounts, such as Pass-the-Hash (PtH) and Golden Ticket attacks. Which Microsoft security solution should they deploy?

A security analyst receives an alert about a suspicious process on a device. The security solution automatically investigates the device, gathers evidence, and determines that a known malware variant was detected. It then presents an action plan to the analyst for remediation. Which Microsoft security solution provides this automated investigation and response capability?

Question 13 · hard · multiple choice

A security operations center (SOC) team needs to ingest security logs from on-premises servers, Azure virtual machines, and SaaS applications like Salesforce. They want a cloud-native solution that uses machine learning to detect threats, provides a unified query language for hunting, and supports automated incident response through playbooks. Which Microsoft solution should they deploy?

A company wants to discover which cloud applications are being used by employees, assess the risk of those apps, and control data sharing in sanctioned apps like Box or Dropbox. Which Microsoft security solution should they implement?

Question 15 · medium · multiple choice

An organization runs workloads in Azure, an on-premises data center, and multiple third-party cloud environments. The security team needs a single, cloud-native solution that provides a unified view of the security posture across all these environments, along with a secure score and actionable recommendations. They also want to protect these workloads with advanced threat detection. Which Microsoft security solution should they implement?

A security team needs to continuously assess the security posture of Azure resources, including virtual machines, storage accounts, and SQL databases. They also want to identify vulnerabilities in both Windows and Linux servers running in Azure and on-premises, and receive prioritized recommendations for remediation. Which Microsoft security solution should they use?

A company runs containerized applications on Azure Kubernetes Service (AKS) and stores container images in Azure Container Registry. The security team wants to automatically scan container images for vulnerabilities every time a new image is pushed to the registry and receive recommendations for remediation. Which Microsoft security solution should they enable?

Question 18 · medium · multiple choice

An organization wants to protect its Azure PaaS services, such as Azure SQL Database and Azure Key Vault, by detecting and alerting on suspicious activities like SQL injection attempts or unusual access patterns. They also need to integrate these alerts into a central security information and event management (SIEM) system for further analysis. Which Microsoft security solution provides the threat detection capability described?

A large enterprise uses a variety of cloud applications, including sanctioned apps like Microsoft 365 and unsanctioned apps that employees adopted without IT approval. The security team wants to discover all cloud applications in use, assess each app's risk score based on more than 80 risk factors, and control data sharing within sanctioned apps to prevent data leakage. Additionally, they need to identify which users are using a new, unknown file-sharing service. Which Microsoft security solution should be deployed to meet these requirements?

An organization uses Exchange Online and is concerned about phishing attacks that include malicious hyperlinks. They need a security solution that checks URLs at the time a user clicks them and blocks access to known malicious or suspicious websites. The solution must also provide real-time reputation analysis for link clicks. Which Microsoft security solution should they enable?

Focused Describe the capabilities of Microsoft security solutions sessions

Start a Describe the capabilities of Microsoft security solutions only practice session

Every question in these sessions is drawn from the Describe the capabilities of Microsoft security solutions domain — nothing else.

Frequently asked questions

What does the SC-900 exam test about Describe the capabilities of Microsoft security solutions?
Describe the capabilities of Microsoft security solutions questions test whether you can apply the concept in context, not just recognise a definition.

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.

Can I practise just Describe the capabilities of Microsoft security solutions questions in a focused session?
Yes — the session launcher on this page draws every question from the Describe the capabilities of Microsoft security solutions domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other SC-900 topics?
Use the topic links above to move to related areas, or go back to the SC-900 question bank to see all topics.

Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the SC-900 exam covers. They are not copied from any real exam or dump site.