COMPLIANCE, AND IDENTITY FUNDAMENTALS: questions and answers with rationales
2026 UPDATED FULL-LENGTH PRACTICE EXAM
Exam Domains Covered:
• Domain 1: Describe Security, Compliance, and Identity Concepts (10-15%)
• Domain 2: Describe Microsoft Entra ID Capabilities (25-30%)
• Domain 3: Describe Microsoft Security Solutions (30-35%)
• Domain 4: Describe Microsoft Compliance Solutions (25-30%)
SECTION 1: CONCEPTS OF SECURITY, COMPLIANCE, & IDENTITY
(Questions 1-20)
1. A company is migrating to the cloud. The CISO insists that security must be
built into the development process from the start, rather than added at the
end. Which concept does this describe?
A. Zero Trust
B. DevSecOps
C. Shared Responsibility Model
D. Defense in Depth
Answer: B. DevSecOps
Rationale: DevSecOps integrates security practices into the DevOps pipeline. This
"shift-left" approach ensures security is built into the application lifecycle early,
rather than bolted on at the end.
2. Which security model explicitly states, "Never trust, always verify"?
A. Shared Responsibility
B. Principle of Least Privilege
C. Zero Trust
D. CIA Triad
Answer: C. Zero Trust
Rationale: Zero Trust assumes breach and verifies every request as if it originates
from an open network. Regardless of location (corporate network or coffee shop),
the user must be continuously validated.
3. In the Shared Responsibility Model for an IaaS (Infrastructure as a Service)
workload, for which layer is the customer ALWAYS responsible?
A. Physical datacenter security
B. Hypervisor
C. Network infrastructure (patching routers)
D. Data classification and access control
Answer: D. Data classification and access control
Rationale: The customer is always responsible for their data, endpoints, and
account access management. Microsoft is responsible for the physical host,
network, and hypervisor.
4. An attacker intercepts data transmitted between a web browser and a
server, altering the packet contents. What type of attack is being performed?
A. Eavesdropping
B. Denial of Service (DoS)
C. Man-in-the-Middle (MitM)
D. SQL Injection
Answer: C. Man-in-the-Middle (MitM)
Rationale: MitM attacks involve the attacker secretly relaying and possibly
altering the communication between two parties who believe they are directly
communicating with each other.
5. What is the primary purpose of a hashing algorithm (e.g., SHA-256) in
cybersecurity?
A. To encrypt data so it can be decrypted with a key
B. To provide a digital signature for non-repudiation
C. To verify the integrity of data
D. To perform authorization checks
Answer: C. To verify the integrity of data
Rationale: Hashing creates a unique, fixed-length "digital fingerprint" of data. If
the data changes, the hash changes completely, allowing verification that the data
has not been tampered with.
6. Which layer of the Defense in Depth model involves applying updates to
operating systems and applications to close security loopholes?
A. Data layer
B. Applications & APIs layer
C. OS (Operating System) layer
D. Physical security layer
Answer: C. OS (Operating System) layer
Rationale: The OS layer focuses on patching vulnerabilities and hardening the
operating system configuration to prevent unauthorized access to the system
kernel.
7. Your company decides to store all customer database servers in Germany to
comply with local privacy laws. Which concept describes the legal
requirements of where data resides?
A. Data Sovereignty
B. Data Residency
C. Right to be Forgotten
D. Data Classification
Answer: A. Data Sovereignty
Rationale: Data sovereignty implies that data is subject to the laws of the country
where it is physically located. Data residency simply refers to the physical location
of the data.
8. Which component of the CIA Triad is primarily supported by Multi-Factor
Authentication (MFA)?
A. Confidentiality
B. Integrity
C. Availability
D. Anonymity
Answer: A. Confidentiality
Rationale: Confidentiality ensures data is accessible only to authorized parties.
MFA prevents unauthorized users (who may have stolen a password) from
accessing data, thus protecting confidentiality.
9. A Security Information and Event Management (SIEM) system receives
data from firewalls, antivirus, and servers. What function does a SIEM
primarily serve?
A. Blocking malware in real-time
B. Real-time monitoring, correlation, and analysis of security alerts
C. Isolating an infected workstation from the network
D. Encrypting traffic between cloud tenants
Answer: B. Real-time monitoring, correlation, and analysis of security alerts
Rationale: SIEM (like Microsoft Sentinel) aggregates log data from multiple
sources, correlates events to identify threats, and generates alerts.
10. You want to automatically respond to a common security incident (e.g., a
port scan) without human intervention. Which technology automates these
playbooks?
A. EDR (Endpoint Detection and Response)
B. SOAR (Security Orchestration, Automation, and Response)
C. CASB (Cloud Access Security Broker)
D. CSPM (Cloud Security Posture Management)
Answer: B. SOAR
Rationale: SOAR platforms allow organizations to define incident response
playbooks (e.g., "block IP address") that execute automatically when specific
triggers are detected.
11. Which 2026 update focuses on managing the security and compliance risks
associated with user input into Large Language Models (LLMs)?
A. Zero Day Exploit
B. Prompt Injection Risk Management
C. Ransomware-as-a-Service (RaaS)
D. Legacy Authentication blocking