Escrito por estudiantes que aprobaron Inmediatamente disponible después del pago Leer en línea o como PDF ¿Documento equivocado? Cámbialo gratis 4,6 TrustPilot
logo-home
Examen

Microsoft SC-900 Practice Exam |||questions and answers with rationales/graded A+/2026 update/100% correct /instant download

Puntuación
-
Vendido
-
Páginas
35
Grado
A+
Subido en
02-07-2026
Escrito en
2025/2026

Microsoft SC-900 Practice Exam |||questions and answers with rationales/graded A+/2026 update/100% correct /instant download

Institución
2026
Grado
2026

Vista previa del contenido

Microsoft SC-900 Practice Exam
|||questions and answers with
rationales/graded A+/2026
update/100% correct /instant
download
Exam Name: Microsoft Security, Compliance, and Identity Fundamentals
Exam Code: SC-900
Instructions: Choose the best answer for each question. The correct answer is
highlighted in bold, and a rationale is provided below each question.


Section 1: Core Concepts (Security, Compliance, Identity, Zero Trust)
1. An organization wants to move from a traditional network perimeter
security model to one that assumes breach and verifies every request as
though it originates from an uncontrolled network. Which security principle is
the organization adopting?
A) Defense in Depth
B) Zero Trust
C) Shared Responsibility
D) Least Privilege
Correct Answer: B
Rationale: Zero Trust is a security model that assumes breach and verifies every
request as though it originates from an uncontrolled network. It follows the guiding
principle "never trust, always verify," regardless of whether the request comes
from inside or outside the corporate network .
2. According to the shared responsibility model in a Software as a Service
(SaaS) deployment like Microsoft 365, who is responsible for securing the
customer's data and identities?
A) Microsoft only

,B) The customer only
C) A third-party auditor
D) Both Microsoft and the customer share equal responsibility
Correct Answer: B
Rationale: In the shared responsibility model, Microsoft is responsible for the
security "of" the cloud (physical hosts, datacenters, network). The customer is
always responsible for what they put "in" the cloud, including their data, identities,
user devices, and accounts .
3. A retail company is subject to GDPR because it stores data of EU citizens.
They must ensure data is only stored in datacenters located in the European
Union. What concept does this requirement describe?
A) Data Sovereignty
B) Data Residency
C) Data Classification
D) Data At Rest
Correct Answer: B
Rationale: Data residency refers to the physical location (geographic boundaries)
where data is stored. While data sovereignty refers to the legal implications (local
laws governing the data), residency is the actual geographic location requirement.
GDPR enforces strict data residency rules for EU citizen data .
4. Which pillar of the Zero Trust model requires verifying explicit conditions
like user role, location, and device health before granting access?
A) Assume Breach
B) Use Least Privilege Access
C) Verify Explicitly
D) Segmentation
Correct Answer: C
Rationale: "Verify Explicitly" means that all access requests are authenticated and
authorized based on all available data points (user identity, location, device health,
workload, classification) before granting the minimal necessary access.
5. What is the primary purpose of "Defense in Depth"?
A) To ensure every user has only the minimum necessary access rights.
B) To use a single, powerful firewall to block all attacks.

,C) To apply a series of layered security mechanisms to slow down an attack.
D) To move all data to a single, secure cloud location.
Correct Answer: C
Rationale: The strategy of defense in depth is to use multiple layers of protection
(physical, identity, network, application, data) to create a comprehensive security
posture. If one layer is breached, subsequent layers prevent further damage .
6. A company wants to ensure employees can only access the specific customer
database required for their job, not the entire HR system. Which principle is
the company enforcing?
A) Separation of Duties
B) Zero Trust
C) Authentication
D) Least Privilege
Correct Answer: D
Rationale: The principle of least privilege ensures users are granted only the
minimum access necessary to perform their job functions. This reduces the attack
surface and limits the potential damage from compromised credentials .
7. The human resources department needs to prove that a specific employee
agreement document has not been altered since it was signed three years ago.
Which security mechanism provides this assurance?
A) Data Classification
B) Hashing
C) Tokenization
D) Data Obfuscation
Correct Answer: B
Rationale: Hashing is a one-way function that creates a unique digital fingerprint
of data. If the data changes even slightly, the hash output changes completely.
Comparing hashes verifies the integrity of the data .
8. Which security concept is defined as the process of verifying the identity of
a user or device?
A) Authorization
B) Auditing
C) Authentication
D) Accounting

, Correct Answer: C
Rationale: Authentication (AuthN) is the act of proving identity (e.g., "You are
who you say you are," using a password or biometric). Authorization (AuthZ) is
the act of granting permission to access a resource .
9. A government regulation requires that all emails containing personally
identifiable information (PII) be automatically encrypted if sent outside the
organization. This is an example of a requirement driven by which domain?
A) Identity Management
B) Threat Protection
C) Compliance
D) Network Security
Correct Answer: C
Rationale: Compliance refers to the process of adhering to laws, regulations,
standards, and organizational policies. The requirement to encrypt PII based on a
government mandate falls directly under compliance obligations .
10. In the "Assume Breach" principle of Zero Trust, security architects design
systems assuming an attacker is already inside the network. What is the
primary goal of this mindset?
A) To focus only on external threats.
B) To reduce the Mean Time to Repair (MTTR).
C) To prioritize detection and rapid response over simple prevention.
D) To eliminate the need for firewalls.
Correct Answer: C
Rationale: Assuming breach shifts focus from solely preventing perimeter
breaches to quickly detecting and responding to lateral movement and data
exfiltration, acknowledging that prevention controls will eventually fail .


Section 2: Identity & Access Management (Microsoft Entra ID)
11. Which Microsoft service is the cloud-based identity and access
management solution that provides authentication and authorization for
Microsoft 365, Azure, and third-party applications?
A) Microsoft Entra ID
B) Active Directory Domain Services (AD DS)

Escuela, estudio y materia

Institución
2026
Grado
2026

Información del documento

Subido en
2 de julio de 2026
Número de páginas
35
Escrito en
2025/2026
Tipo
Examen
Contiene
Preguntas y respuestas

Temas

$24.49
Accede al documento completo:

¿Documento equivocado? Cámbialo gratis Dentro de los 14 días posteriores a la compra y antes de descargarlo, puedes elegir otro documento. Puedes gastar el importe de nuevo.
Escrito por estudiantes que aprobaron
Inmediatamente disponible después del pago
Leer en línea o como PDF

Conoce al vendedor

Seller avatar
Los indicadores de reputación están sujetos a la cantidad de artículos vendidos por una tarifa y las reseñas que ha recibido por esos documentos. Hay tres niveles: Bronce, Plata y Oro. Cuanto mayor reputación, más podrás confiar en la calidad del trabajo del vendedor.
trustednurse NURSING
Seguir Necesitas iniciar sesión para seguir a otros usuarios o asignaturas
Vendido
949
Miembro desde
3 año
Número de seguidores
411
Documentos
9860
Última venta
1 semana hace

On this platform, you will discover a variety of meticulously crafted study materials, including detailed documents, comprehensive bundles, and expertly designed flashcards provided by the seller, Trustednurse. These resources are thoughtfully prepared to support your learning journey and make your studies and exam preparations smooth and effective. I am here to offer any assistance or answer any questions you may have regarding your academic needs. Please don’t hesitate to reach out for guidance or support—I am more than happy to help you achieve success in your courses and exams. Wishing you a seamless and rewarding learning experience. Thank you so much for choosing these resources!

Lee mas Leer menos
4.9

2502 reseñas

5
2395
4
30
3
36
2
17
1
24

Recientemente visto por ti

Por qué los estudiantes eligen Stuvia

Creado por compañeros estudiantes, verificado por reseñas

Calidad en la que puedes confiar: escrito por estudiantes que aprobaron y evaluado por otros que han usado estos resúmenes.

¿No estás satisfecho? Elige otro documento

¡No te preocupes! Puedes elegir directamente otro documento que se ajuste mejor a lo que buscas.

Paga como quieras, empieza a estudiar al instante

Sin suscripción, sin compromisos. Paga como estés acostumbrado con tarjeta de crédito y descarga tu documento PDF inmediatamente.

Student with book image

“Comprado, descargado y aprobado. Así de fácil puede ser.”

Alisha Student

Preguntas frecuentes