Microsoft SC-900 Practice Questions

The latest changes and updates from the administration for this exam.

verified

Latest Update: Jun 15 2026

All questions are working fine.

All Questions (220)bookmarkBookmarked (0)

All220Show all accessible questions in this exam.Missed220Questions you haven't attempted yet.Incorrect0Questions you answered incorrectly on your last attempt.

Question 71

Scenario: Café Rivoli is a restaurant in Manhattan that has a very exclusive clientele. Steve Rogers and Bruce Banner are the creators of this iconic restaurant and continue to strive to improve the business. Part of the improvements has been to implement Microsoft Azure into their business and have hired you to lead several projects in the company.

The IT team at Café Rivoli is planning to upgrade from Basic SKU to a Standard SKU. Bruce comes to you to confirm that this should not pose any problems.

Which of the following should be your response?

Upgrading from Basic SKU to a Standard SKU is not supported.

Upgrading from Basic SKU to a Standard SKU is supported.

Question 72

Scenario: Anvil is a private military firm founded by Billy Russo with the purpose of providing military and security services. The company specializes in its activity in military contract services, such as personal protection, convoy security, and tactical operations.

To keep ahead of the technological curve, Billy has adopted Microsoft as a core system for the company and is moving their IT infrastructure to the cloud. Billy wants to know how to create and implement business and technology strategies in a way that will help them succeed in the cloud.

Which of the following can they use to help them transition to the cloud?

They should use the Azure Cloud Succeed Framework.

They should use Azure Policy for guidance on moving to the cloud.

All of the implemented options should be implemented.

They should use the Microsoft Cloud Adoption Framework for guidance on moving to the cloud.

Question 73

Identify the missing word(s) in the following sentence within the context of Microsoft Azure.

The audit functionality in the Microsoft 365 compliance centre allows organizations to view user and administrator activity through a unified audit log.

It can take up to [?] after an event occurs for the corresponding audit log record to be returned in the results of an audit log search.

check_circle

Correct AnswerE

It can take 30 minutes or up to 24 hours after an event occurs for the corresponding audit log record to be returned in the results of an audit log search.

The core audit capabilities of Microsoft 365

The audit functionality in the Microsoft 365 compliance centre allows organizations to view user and administrator activity through a unified audit log.

For example, did an administrator reset a password? Did a user change a setting for a team in Microsoft Teams? A unified audit log supports the search of many users and/or admin activities across Microsoft 365 services, Dynamics 365, Microsoft Power Apps, Microsoft Power Automate, Power BI, Azure Active Directory, and more. For a detailed listing, visit Search the audit log in the compliance centre.

When an audited activity is performed by a user or admin, an audit record is generated and stored in the audit log for the organization. The length of time that an audit record is kept (and searchable in the audit log) depends on the Office 365 or Microsoft 365 Enterprise subscription, and specifically the type of the license that's assigned to specific users. For core audit capability, the audit record is kept and searchable for 90 days.

Searching the audit log requires the search capability to be turned on, and for the user doing the search to be assigned the appropriate role. The search criteria can be configured based on:

• Activities

• Start date and end date

• Users

• File, folder, or site

The results of the audit log search, which can be filtered and exported to a CSV file, contain the following information about each event returned by the search:

• Date: The date and time (in UTC format) when the event occurred.

• IP address: The IP address of the device that was used when the activity was logged. The IP address is displayed in either an IPv4 or IPv6 address.

• User: The user (or service account) who completed the action that triggered the event.

• Activity: The activity completed by the user. This is based on activities configured.

• Item: The object that was created or modified because of the corresponding activity. For example, the file that was viewed or modified, or the user account that was updated. Not all activities have a value in this column.

• Detail: Additional information about an activity. Again, not all activities have a value.

It can take 30 minutes or up to 24 hours after an event occurs for the corresponding audit log record to be returned in the results of an audit log search.

https://docs.microsoft.com/en-us/microsoft-365/compliance/microsoft-365-compliance-center?view=o365-worldwide

Question 74

The IT team at Café Rivoli is planning to employ Azure Virtual Desktop with Bastion. Steve comes to you to confirm that this should not pose any problems.

Does Bastion support connectivity to Azure Virtual Desktop?

Yes

Question 75

Scenario: Iceberg Lounge is Gotham's coolest nightclub and Penguin's pad for operations. It's a high-end nightclub in Gotham which acts as a legit forefront of his illegal activities.

You have been hired as a contractor for Iceberg Lounge, and you are consulting on various IT functions. Oswald Cobblepot runs the show there.

While Oswald was browsing Microsoft compliance documentation in the Service Trust Portal, he found several documents that are specific to the lounge industry.

Which of the following is the best way of ensuring Oswald is current with the latest updates?

Review the lounge industry documentation each month to ensure he has the latest version.

Save the documents to his My Library.

Download each document.

Print each document so he can easily refer to them.

check_circle

Correct AnswerB

Saving the document to the My Library section of the Service Trust Portal, will ensure he has the latest updates.

Service Trust Portal Offerings

The Service Trust Portal provides information, tools, and other resources about Microsoft security, privacy, and compliance practices. Sign in with your Microsoft cloud services account to access all the available documentation.

From the main menu, you access:

• Service Trust Portal – home page.

• Compliance Manager – measures your progress in completing actions that help reduce risks around data protection and regulatory standards. To find out more, see the Microsoft Compliance Manager documentation in the Learn More section below.

• Trust Documents – links to a security implementation and design information.

• Industries & Regions – contains compliance information about Microsoft Cloud services organized by industry and region. The Industry Solutions link currently displays the home page for Financial Services. The Regional Solutions links currently have information for: Australia, Canada, Czech Republic, Denmark, Germany, Poland, Romania, Spain, and the United Kingdom.

• Trust Centre – links to the Microsoft Trust Centre, which provides more information about security, compliance, and privacy in the Microsoft Cloud.

• Resources – links to resources including information about the features and tools available for data governance and protection in Office 365, the Microsoft Global Datacentres, and Frequently Asked Questions.

• My Library – allows you to add documents and resources that are relevant to your organization. Everything is in one place. You can also opt to have email notifications sent when a document is updated and set the frequency you receive notifications.

The Service Trust Portal provides information, tools, and other resources about Microsoft security, privacy, and compliance practices.

https://edxinteractivepage.blob.core.windows.net/edxpages/Security%20fundamentals/LP01M02%20Explore%20the%20Service%20Trust%20Portal/index.html

Question 76

True or False: If content has been marked as a regulatory record, no one, including a global administrator, can remove the label.

False

True

check_circle

Correct AnswerB

If content has been marked as a regulatory record, nobody, not even a global administrator, can remove the label.

Records management

Organizations of all types require a management solution to manage regulatory, legal, and business-critical records across their corporate data. Records management in Microsoft 365 helps an organization look after their legal obligations. It also helps to demonstrate compliance with regulations and increases efficiency with regular disposition of items that are no longer required to be kept, no longer of value, or no longer required for business purposes. It provides the following capabilities:

• Labelling content as a record.

• Migrating and managing retention plans with file plan manager.

• Establishing retention and deletion policies within the record label.

• Triggering event-based retention.

• Reviewing and validating disposition.

• Proof of records deletion.

• Exporting information about disposed items.

• Setting specific permissions for record manager functions in the organization.

When content is labelled as a record, the following happens:

• Restrictions are put in place to block certain activities.

• Activities are logged.

• Proof of disposition is kept at the end of the retention period.

To enable items to be marked as records, an administrator sets up retention labels.

Items such as documents and emails can then be marked as records based on those retention labels. Items might be marked as records, but they can also be shown as regulatory records. Regulatory records provide other controls and restrictions such as:

• A regulatory label can’t be removed when an item has been marked as a regulatory record.

• The retention periods can’t be made shorter after the label has been applied.

For more information on comparing, use the Compare restrictions for what actions are allowed or blocked section of the documentation.

The most important difference is that if content has been marked as a regulatory record, nobody, not even a global administrator, can remove the label. Marking an item as a regulatory record can have irreversible consequences and should only be used when necessary. As a result, this option isn’t available by default, and has to be enabled by the administrator using PowerShell.

Common use cases for records management

Microsoft 365’s records management capabilities are flexible. There are different ways in which records management can be used across an organization, including:

• Enabling administrators and users to manually apply retention and deletion actions for documents and emails.

• Automatically applying retention and deletion actions to documents and emails.

• Enabling site admins to set default retain and delete actions for all content in a SharePoint library, folder, or document set.

• Enabling users to automatically apply retain and delete actions to emails by using Outlook rules.

To ensure records management is used correctly across the organization, administrators can work with content creators to put together training materials. Documentation should explain how to apply labels to drive usage and ensure a consistent understanding.

https://docs.microsoft.com/en-us/microsoft-365/compliance/records-management?view=o365-worldwide

Question 77

Scenario: The Brand Corporation is the science and research branch of the Roxxon Corporation which is managed by Melinda May and Phil Coulson. Melinda and Phil have decided to use Azure for the company to increase its efficiencies and security. Melinda hired you as an advisor to guide many projects to ensure their success.

Roxxon is launching a new app for its customers as one of its primary projects. Customers will use a sign-in screen that is customized with the Roxxon's brand identity.

Which type of Azure External identity solution should the organization use?

User assigned identities

Azure AD Hybrid identities

Azure AD B2C

Azure AD B2B

check_circle

Correct AnswerC

Roxxon should use Azure AD B2C which is an authentication solution for customers that you can customize with your brand identity.

Today’s world is about collaboration, working with people both inside and outside of your organization. That means you'll sometimes need to provide access to your organization’s applications or data to external users.

Azure AD External Identities is a set of capabilities that enable organizations to allow access to external users, such as customers or partners. Your customers, partners, and other guest users can "bring their own identities" to sign in.

This ability for external users is enabled through Azure AD support of external identity providers like other Azure AD tenants, Facebook, Google, or enterprise identity providers. Admins can set up federation with identity providers so your external users can sign in with their existing social or enterprise accounts instead of creating a new account just for your application.

There are two different Azure AD External Identities: B2B and B2C.

• B2B collaboration allows you to share your apps and resources with external users.

• B2C is an identity management solution for consumer and customer facing apps.

B2B collaboration

B2B collaboration allows you to share your organization’s applications and services with guest users from other organizations, while maintaining control over your own data. B2B collaboration uses an invitation and redemption process, allowing external users to access your resources with their credentials. Developers can customize the invitation and redemption process using Azure AD business-to-business APIs.

With B2B collaboration, external users are managed in the same directory as employees but are typically annotated as guest users. Guest users can be managed in the same way as employees, added to the same groups, and so on. With B2B, SSO to all Azure AD-connected apps is supported.

B2C access management

Azure AD B2C is a customer identity access management (CIAM) solution. Azure AD B2C allows external users to sign in with their preferred social, enterprise, or local account identities to get single sign-on to your applications. Azure AD B2C supports millions of users and billions of authentications per day. It takes care of the scaling and safety of the authentication platform, monitoring, and automatically handling threats like denial-of-service, password spray, or brute force attacks.

With Azure AD B2C, external users are managed in the Azure AD B2C directory, separately from the organization's employee and partner directory. SSO to customer owned apps within the Azure AD B2C tenant is also supported.

Azure AD B2C is an authentication solution that you can customize with your brand so that it blends with your web and mobile applications.

Azure AD External Identities is a feature of Premium P1 and P2 Azure AD editions, and pricing is based on Monthly Active Users.

https://azure.microsoft.com/pricing/details/active-directory/external-identities/

Question 78

Scenario: The UCWF (Unlimited Class Wrestling Federation) was founded by a promoter named Edward Garner, who strives to use technology to improve his business and has come to you for assistance with the company’s Microsoft Azure service.

You are hosting a workgroup and the topic at hand is best practices from Microsoft employees, partners, and customers, including tools and guidance to assist in an Azure deployment.

Which of the following would this fall under?

Azure Blueprints

The Microsoft Cloud Adoption Framework for Azure

A Resource lock

Azure Policy

Question 79

Scenario: Pennyworth’s Haberdashery has been around for over 50 years now and they have several stores in the Greater London area. They have just purchased a smaller clothier line based in Madrid and are integrating their systems with Pennyworth's Microsoft Power Platform service.

Alfred Pennyworth has hired you as a Microsoft Power Platform Expert for guidance on the merger of the systems. Alfred is concerned about reducing risks associated to data protection and regulatory standards.

Which of the following should you advise Alfred is the score which measures his company’s progress in completing actions that help reduce risks associated to data protection and regulatory standards?

Productivity Score

Secure score in Azure Security Centre

Microsoft Secure Score

Compliance score

Question 80

Scenario: Iceberg Lounge is Gotham's coolest nightclub and Penguin's pad for operations. It's a high-end nightclub in Gotham which acts as a legit forefront of his illegal activities.

You have been hired as a contractor for Iceberg Lounge, and you are consulting on various IT functions. Oswald Cobblepot runs the show there.

Dopinder is the lead admin in Iceberg Lounge where they are using the Microsoft 365 Defender portal every day. You, as the hired contractor, want to quickly get an understanding of the organization's current security posture.

Which capability in the Microsoft 365 Defender portal will you use?

Reports

Policies

Secure Score

Incidents

check_circle

Correct AnswerC

Secure Score, in the M365 Defender portal, will give a snapshot of an organization’s security posture, and provide details on how to improve it.

Microsoft 365 Defender portal

The Microsoft 365 Defender portal (previously Microsoft 365 security centre) combines protection, detection, investigation, and response to email, collaboration, identity, and device threats, in a central portal.

Here you can view the security health of your organization, act to configure devices, users, and apps, and get alerts for suspicious activity. The Microsoft 365 Defender portal helps security admins and security operations teams manage and protect their organization.

The Microsoft 365 Defender portal home page shows many of the common cards that security teams need. The composition of cards and data depends on the user role. Because the Microsoft 365 Defender portal uses role-based access control, different roles will see cards that are more meaningful to their day-to-day jobs.

The Microsoft 365 Defender portal allows admins to tailor the navigation pane to meet daily operational needs. Admins can customize the navigation pane to show or hide functions and services based on their specific preferences. Customization is specific to the individual admin, so other admins won’t see these changes.

The navigation pane in the Microsoft 365 Defender portal includes these options and many more:

• Home: Get an at-a-glance view of the overall security health of your organization.

• Incidents: See the broader story of an attack by connecting the dots seen on individual alerts on entities. You'll know exactly where an attack started, what devices are impacted, who was affected, and where the threat has gone.

• Alerts: Have greater visibility into all the alerts across your Microsoft 365 environment. Includes alerts from Microsoft Cloud App Security, Microsoft Defender for Office 365, Azure Active Directory, Microsoft Defender for Identity, and Microsoft Defender for Endpoint.

• Hunting: Proactively search for malware, suspicious files, and activities in your Microsoft 365 organization.

• Action centre: Reduce the volume of alerts your security team must address manually, allowing them to focus on more sophisticated threats and other high-value initiatives.

• Threat analytics - Track and respond to emerging threats with an integrated Microsoft 365 Defender threat analytics experience

• Secure Score: Improve your overall security posture with Microsoft Secure Score. This page provides an all-up summary of the different security features and capabilities you've enabled and includes recommendations for areas to improve.

• Learning hub - The Microsoft 365 Defender portal includes a learning hub that bubbles up official guidance from resources such as the Microsoft security blog, the Microsoft security community on YouTube, and the official documentation at docs.microsoft.com.

• Endpoints – Microsoft Defender for Endpoints delivers preventative protection, post-breach detection, automated investigation, and response for devices in your organization.

• Email & collaboration - Microsoft Defender for Office 365 helps organizations secure their enterprise with a set of prevention, detection, investigation and hunting features to protect email, and Office 365 resources.

• Reports: Get the detail and information you need to better protect your users, devices, apps, and more.

• Permissions & roles: Access to Microsoft 365 Defender is configured with Azure Active Directory global roles or by using custom roles.

Note: You must be assigned an appropriate role, such as Global Administrator, Security Administrator, Security Operator, or Security Reader in Azure Active Directory to access the Microsoft 365 Defender portal.

The Microsoft 365 Defender portal is a specialized workspace designed to meet the needs of security teams and provides actionable insights to help reduce risks and safeguard your digital estate.

https://docs.microsoft.com/en-us/microsoft-365/security/defender/portals?view=o365-worldwide

Update History

Update History