SC-900 Mock exam :Microsoft SC-900 Exam Preparation and Practice (Microsoft Cybersecurity Analyst Professional Certificate) Answers 2025
1. Question 1
Which two additional forms of authentication are available in Azure AD for MFA from any device? (Select all)
❌ Fingerprint recognition
✅ Text message (SMS)
❌ Facial recognition
✅ Voice call
Explanation: SMS and voice calls are device-agnostic MFA methods that work from any phone/device. Fingerprint/face usually require device support (platform biometrics).
2. Question 2
Which services can act as SIEM and SOAR?
❌ Azure Monitor
❌ Microsoft Bastion
❌ Microsoft Defender
✅ Microsoft Sentinel
Explanation: Microsoft Sentinel is the cloud-native SIEM + SOAR offering. (Azure Monitor is monitoring; Defender products protect workloads.)
3. Question 3
Which are considered pillars of CASB? (Select all)
✅ Visibility
❌ Accessibility
✅ Compliance
❌ Integrity
Explanation: CASB pillars commonly include Visibility, Compliance, Data Security / Control, and Threat Protection.
4. Question 4
In shared security model for SaaS, which is always the customer’s responsibility?
❌ Applications
❌ Operating system
❌ Authentication functionality
✅ User accounts
Explanation: In SaaS the provider manages the app/OS; customers are responsible for user accounts and their management.
5. Question 5
Which pillar processes identity data and determines access?
❌ Administration
❌ Audit
✅ Authorization
❌ Authentication
Explanation: Authorization evaluates identity attributes/claims to determine access levels (authentication simply verifies identity).
6. Question 6
Which elements feature in Microsoft’s six privacy principles? (Select all)
✅ Benefits you
✅ No content-based targeting
❌ Freedom of information
❌ No legal protection
Explanation: Microsoft’s privacy principles include user benefit and restrictions like no content-based ad targeting; the other options are not part of the six principles.
7. Question 7
What type of control is used in Microsoft Purview Compliance Manager?
❌ Application control
✅ Microsoft-managed control
❌ Third-party control
❌ Micro control
Explanation: Compliance Manager shows Microsoft-managed controls (and customer-managed and third-party where applicable); “Microsoft-managed control” is the type listed.
8. Question 8
Goal of Microsoft Purview Data Lifecycle?
❌ Visualize your data
❌ Plot your data
❌ Store your data
✅ Know your data
Explanation: Purview’s lifecycle focus is on understanding / knowing your data across its lifecycle.
9. Question 9
Broad areas of compliance? (Select all)
❌ Public risk
❌ Property risk
✅ Privacy risk
✅ Legal risk
Explanation: Compliance commonly covers privacy and legal/regulatory risk areas.
10. Question 10
To identify credit cards in customer data use:
❌ Classification labels
✅ Sensitive information types
❌ Retention labels
❌ Content explorer
Explanation: Sensitive information types (e.g., Credit Card Number) are the detection mechanism for PII/PCI content.
11. Question 11
When would you employ information barriers?
❌ To prevent sensitive company data from leaking
❌ To preserve company IP
✅ To prevent different departments from sharing information
❌ To prevent roles without sufficient permissions from accessing sensitive information
Explanation: Information barriers are used to prevent collaboration/communication between groups (e.g., legal ↔ finance). They enforce separation of groups’ communications.
12. Question 12
Which feature allows you to create a role with set permissions that align with common tasks?
✅ Templated roles
❌ Conditional Access
❌ Multi-factor authentication (MFA)
❌ Role-based access control (RBAC)
Explanation: “Templated roles” (built-in role templates) let you create roles aligned to common tasks. (RBAC is the overall model but the question asks the feature that creates task-aligned roles.)
13. Question 13
Which of the following are sign-on risks? (Select all)
✅ Atypical travel
❌ Role
✅ Protocol attack
✅ Anonymous IP address
Explanation: Atypical travel and anonymous IP / protocol anomalies are examples of sign-in risk signals; “role” is not a sign-on risk.
14. Question 14
Conditional Access template categories (select all that apply)
✅ Protect administrator
✅ Secure foundations
✅ Service principal
❌ Highest privilege
Explanation: Template categories include protections for administrators, secure foundations, and service principals; “Highest privilege” is not a standard template category.
15. Question 15
Primary purpose of Content Explorer in Microsoft 365?
✅ Content search and discovery
❌ Activity monitoring and analysis
❌ Content classification and labeling
❌ DLP policy enforcement
Explanation: Content Explorer helps locate and search content across the estate for review and discovery.
16. Question 16
Which service monitors communication compliance internally?
❌ Microsoft Service Trust portal
✅ Microsoft Purview
❌ Microsoft Cloud Security Benchmark (MCSB)
❌ Microsoft Defender
Explanation: Microsoft Purview includes Communication Compliance features to monitor internal communications.
17. Question 17
What does the compliance score evaluate?
❌ Metric about ability to reach customers
❌ Speed of deploying security
✅ Actions taken to meet industry & security standards
❌ Complexity of security measures
Explanation: Compliance score reflects an organization’s actions toward meeting standards and recommendations.
18. Question 18
Plot all locations a document has been in — this is known as:
❌ Data classification
❌ Data discovery
❌ Data landscape
✅ Data lineage
Explanation: Data lineage tracks where data has been and how it flows/transforms.
19. Question 19
Service to enforce communication compliance in Teams?
✅ Microsoft Purview
❌ Microsoft Sentinel
❌ Microsoft Exchange Online
❌ Microsoft Defender
Explanation: Purview has communication compliance policies to enforce rules on Teams messages.
20. Question 20
Used to gather information in a legal case?
❌ Communication Compliance
❌ Activity Explorer
✅ eDiscovery
❌ Content Explorer
Explanation: eDiscovery is the toolset for legal holds, search and export for legal proceedings.
21. Question 21
Provides a secure means of presenting an endpoint to the public?
❌ Microsoft Defender
✅ Azure Bastion
❌ Microsoft Purview
❌ Azure Firewall
Explanation: Azure Bastion securely exposes RDP/SSH to VMs without public IPs or direct exposure.
22. Question 22
Services most closely connected with RDP and SSH?
✅ Azure Bastion
❌ Microsoft Defender
❌ Azure Identity Protection (AIP)
❌ Microsoft Sentinel
Explanation: Azure Bastion is specifically built for secure RDP/SSH connectivity to VMs.
23. Question 23
Which are created expressly for data governance?
✅ Azure Blueprints
❌ Azure Active Directory
✅ Azure Policy
❌ Azure Identity and Access control
Explanation: Azure Policy and Blueprints are governance tools used to define and enforce organizational policies and deployments.
24. Question 24
Which reflects Microsoft’s Insider risk management workflow?
❌ Alerts, triage, investigate, action, policy
❌ Action, policy, alerts, triage, investigate
✅ Policy, alerts, triage, investigate, action
❌ Investigate, action, policy, alerts, triage
Explanation: Workflow starts with policies, then alerts, triage, investigation, and actions.
25. Question 25
True or False: Admin would choose an ARM template over an Azure Blueprint to enforce templated standardized approach?
❌ True
✅ False
Explanation: Azure Blueprints provide a higher-level templated approach (policies, RBAC, ARM artifacts) for standardized deployments; ARM templates alone are infra-as-code but Blueprints add governance.
26. Question 26
Max number of network groups that can be associated with an NSG?
❌ 2
❌ 3
✅ 1
❌ 4
Explanation: A subnet or NIC can be associated with one NSG at a time.
27. Question 27
Function of Attack Surface Reduction (ASR) in Defender for Endpoint?
❌ Adds protection to storage accounts
❌ Regulates access to malicious IPs/domains/URLs
✅ Brings threat detection of applications
❌ Provides additional layer on DNS
Explanation: ASR rules control and detect risky application behaviors—reducing attack surface and detecting malicious app activity.
28. Question 28
Best description of a Control domain?
❌ Area where SOC is housed
✅ A conceptual framework that categorizes security-related features/settings in the Microsoft ecosystem
❌ Central planning division of security team
❌ Means Active Directory communicates
Explanation: A Control Domain is a conceptual categorization of security controls and settings.
29. Question 29
Which service provides a secure score to identify how secure a resource is?
❌ Microsoft Sentinel
✅ Microsoft Defender
❌ Azure Bastion
❌ Security Operations Center
Explanation: Microsoft Defender (and Microsoft Secure Score within Defender/365 security centers) provides secure/compliance scoring.
30. Question 30
Which aligns with Zero Trust?
❌ Responsibility of protecting a network should be shared
❌ Authentication/authorization are a means of protecting a network
✅ That an intruder has already breached the system.
❌ Internal systems should be open to all only upon verification
Explanation: Zero Trust assumes breach (never trust, always verify); architecture is built around that premise.
31. Question 31
How many keys in asymmetric encryption?
❌ 3
❌ 4
✅ 2
❌ 1
Explanation: Asymmetric encryption uses a pair: public key and private key.
32. Question 32
Features present in Azure AD but absent in AD DS? (Select all)
❌ Access management
✅ Integration with SaaS applications
✅ Support for Modern authentication methods
❌ Identity management
Explanation: Azure AD is built for SaaS integration and modern auth (OAuth/OIDC); AD DS provides traditional on-prem identity management.
33. Question 33
Correct order in Insider risk workflow?
❌ Alerts, Investigate, Action, Policy, Triage
❌ Triage, Policy, Action, Investigate, Alerts
✅ Policy, Alerts, Triage, Investigate, Action
❌ Action, Triage, Investigate, Alerts, Policy
Explanation: Same as Q24—policy → alerts → triage → investigate → actions.
34. Question 34
Azure Active Directory is best described as:
✅ Identity as a Service (IDaaS)
❌ SaaS
❌ IaaS
❌ PaaS
Explanation: Azure AD is a cloud identity service (IDaaS) providing authentication/authorization features.
35. Question 35
Which could flag a high-risk sign-in?
❌ Flagged for Teams comments
❌ Often work from home
✅ You log in from an unusual location.
❌ Often log in late
Explanation: Unusual/geographic sign-in location is a classic high-risk signal.
36. Question 36
To keep passwords same on-prem and cloud?
❌ Federated Access
❌ Azure AD Connect
✅ Azure AD Password Hash Synchronization
❌ Azure AD Pass-through Authentication
Explanation: Password Hash Sync (via Azure AD Connect) ensures password parity between on-prem and Azure AD.
37. Question 37
Valid second form of identification after face recognition (select all):
✅ Fingerprint
✅ Registered device
❌ Iris scan
✅ PIN
Explanation: Fingerprint, registered device (device-based auth) and PIN are typical MFA second factors. Iris is not generally supported by all auth flows.
38. Question 38
True or False: User can reset password without admin intervention?
✅ True
❌ False
Explanation: Self-Service Password Reset (SSPR) allows users to reset passwords without admin help when configured.
39. Question 39
True or False: Microsoft uses email/chat/files/personal content to target advertising.
❌ True
✅ False
Explanation: Microsoft states they do not use customer content (email, chat, files) for targeted advertising.
40. Question 40
True or False: Azure Traffic Manager operates at the network application layer and uses HTTP/HTTPS properties for routing.
❌ True
✅ False
Explanation: Traffic Manager is DNS-based traffic routing (global DNS load balancing); Azure Front Door and Application Gateway operate at HTTP/HTTPS/application layer.
41. Question 41
True or False: In Purview Records management, a regulatory label can be easily removed once marked as regulatory record.
❌ True
✅ False
Explanation: Regulatory labels are intended to be permanent/immutable to satisfy compliance — they are not easily removed.
42. Question 42
True or False: Purview only provides tools for labeling but not classification.
❌ True
✅ False
Explanation: Microsoft Purview provides both classification and labeling tools.
43. Question 43
Acceptable means of validating in Microsoft Authentication App? (Select all)
❌ Password
✅ Pin
❌ Retina Scan
✅ Fingerprint
Explanation: Authenticator app supports device PIN and biometric (fingerprint/face) verifications; not retina scans or traditional passwords inside the app.
44. Question 44
Service that vets passwords to reduce poor password choices?
✅ Azure AD Password Protection
❌ Sensitivity labels
❌ Azure Password Protection Proxy
❌ A globally banned password list
Explanation: Azure AD Password Protection enforces banned password lists and custom banned terms to prevent weak passwords.
45. Question 45
Actions by Conditional Access policy (Select all)
✅ Block access
✅ Request multi-factor authentication (MFA)
❌ Requesting the user complete a captcha
❌ Rerouting the user to another log-in request
Explanation: Conditional Access can block sign-ins and require MFA; it does not present captchas or reroute to different login flows.
46. Question 46
Which are service-specific roles in Azure AD? (Select all)
✅ Global Administrator
✅ Exchange Administrator
✅ Teams Administrator
✅ Intune Administrator
Explanation: Azure AD includes many built-in service administrator roles (Exchange, Teams, Intune, Global Admin, etc.).
47. Question 47
Which description best describes Microsoft Purview Policy?
❌ Organizes/manages metadata
❌ Provides a view of data estate
❌ Facilitates secure collaborative sharing
✅ Establishes and enforces policies governing data
Explanation: Purview Policy is for defining/enforcing data policies across the estate.
48. Question 48
Which are DDoS attack types? (Select all)
❌ Dictionary Attack
❌ Man-in-the-middle Attack
✅ Volumetric Attack
✅ Protocol Attack
Explanation: DDoS categories include volumetric, protocol, and application-layer attacks. Dictionary and MITM are different attack types.
49. Question 49
Which Defender service best suits securing SaaS applications?
❌ Microsoft Defender for Storage
❌ Microsoft Defender for Endpoint
✅ Microsoft Defender for cloud apps
❌ Microsoft Defender for Office 365
Explanation: Defender for Cloud Apps (MCAS) is the CASB/Microsoft Defender product focused on SaaS app security.
50. Question 50
Which pillar creates and manages user identities?
✅ Administration
❌ Audit
❌ Authentication
❌ Authorization
Explanation: Administration covers creating and managing user identities (account lifecycle, provisioning). Authentication verifies identity; authorization governs access.
🧾 Final Summary Table
| Q# | Correct Answer(s) |
|---|---|
| 1 | Text message (SMS); Voice call |
| 2 | Microsoft Sentinel |
| 3 | Visibility; Compliance |
| 4 | User accounts |
| 5 | Authorization |
| 6 | Benefits you; No content-based targeting |
| 7 | Microsoft-managed control |
| 8 | Know your data |
| 9 | Privacy risk; Legal risk |
| 10 | Sensitive information types |
| 11 | Prevent different departments sharing info |
| 12 | Templated roles |
| 13 | Atypical travel; Protocol attack; Anonymous IP |
| 14 | Protect administrator; Secure foundations; Service principal |
| 15 | Content search & discovery |
| 16 | Microsoft Purview |
| 17 | Actions taken to meet industry & security standards |
| 18 | Data lineage |
| 19 | Microsoft Purview |
| 20 | eDiscovery |
| 21 | Azure Bastion |
| 22 | Azure Bastion |
| 23 | Azure Blueprints; Azure Policy |
| 24 | Policy → Alerts → Triage → Investigate → Action |
| 25 | False |
| 26 | 1 |
| 27 | Brings threat detection of applications |
| 28 | Conceptual framework categorizing security features |
| 29 | Microsoft Defender |
| 30 | Assume intruder already breached system |
| 31 | 2 |
| 32 | Integration with SaaS apps; Support for modern auth |
| 33 | Policy → Alerts → Triage → Investigate → Action |
| 34 | Identity as a Service (IDaaS) |
| 35 | Unusual location sign-in |
| 36 | Azure AD Password Hash Synchronization |
| 37 | Fingerprint; Registered device; PIN |
| 38 | True |
| 39 | False |
| 40 | False |
| 41 | False |
| 42 | False |
| 43 | Pin; Fingerprint |
| 44 | Azure AD Password Protection |
| 45 | Block access; Request MFA |
| 46 | Global Admin; Exchange Admin; Teams Admin; Intune Admin |
| 47 | Establish & enforce data policies |
| 48 | Volumetric Attack; Protocol Attack |
| 49 | Microsoft Defender for Cloud Apps |
| 50 | Administration |