Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > Microsoft > Microsoft Certifications > SC-900 > SC-900 Online Practice Questions and Answers

SC-900 Online Practice Questions and Answers

Questions 4

DRAG DROP

Match the Microsoft Purview Insider Risk Management workflow step to the appropriate task.

To answer, drag the appropriate step from the column on the left to its task on the right. Each step may be used once, more than once, or not at all.

NOTE: Each correct match is worth one point.

Select and Place:

Buy Now

Correct Answer:

Box 1: Triage

New user activities that need investigation automatically generate alerts that are assigned a Needs review status. Reviewers can quickly identify and review, evaluate, and triage these alerts.

Alerts are resolved by opening a new case, assigning the alert to an existing case, or dismissing the alert. Using alert filters, it's easy to quickly identify alerts by status, severity, or time detected. As part of the triage process, reviewers can

view alert details for the activities identified by the policy, view user activity associated with the policy match, see the severity of the alert, and review user profile information.

Box 2: Investigate

Investigate

Quickly investigate all activities for a selected user with User activity reports (preview). These reports allow investigators in your organization to examine activities for specific users for a defined time period without having to assign them

temporarily or explicitly to an insider risk management policy. After examining activities for a user, investigators can dismiss individual activities as benign, share or email a link to the report with other investigators, or choose to assign the user

temporarily or explicitly to an insider risk management policy.

Cases are created for alerts that require deeper review and investigation of the activity details and circumstances around the policy match.

Box 3: Action

After cases are investigated, reviewers can quickly act to resolve the case or collaborate with other risk stakeholders in your organization. If users accidentally or inadvertently violate policy conditions, a simple reminder notice can be sent to

the user from notice templates you can customize for your organization. These notices may serve as simple reminders or may direct the user to refresher training or guidance to help prevent future risky behavior.

Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management

Questions 5

HOTSPOT

Select the answer that correctly completes the sentence.

Hot Area:

Buy Now

Correct Answer:

Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview?view=o365-worldwide

Questions 6

HOTSPOT

Select the answer that correctly completes the sentence.

Hot Area:

Buy Now

Correct Answer:

Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender/threat-analytics?view=o365-worldwide

Questions 7

HOTSPOT

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

Buy Now

Correct Answer:

Reference: https://docs.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune https://docs.microsoft.com/en-us/mem/intune/fundamentals/what-is-device-management

Questions 8

HOTSPOT

Select the answer that correctly completes the sentence.

Hot Area:

Buy Now

Correct Answer:

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

Questions 9

HOTSPOT

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

Buy Now

Correct Answer:

Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa

Questions 10

What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?

A. automated remediation

B. automated investigation

C. advanced hunting

D. network protection

Buy Now

Correct Answer: D

Network protection helps protect devices from Internet-based events. Network protection is an attack surface reduction capability.

Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide

Questions 11

When security defaults are enabled for an Azure Active Directory (Azure AD) tenant, which two requirements are enforced? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A. All users must authenticate from a registered device.

B. Administrators must always use Azure Multi-Factor Authentication (MFA).

C. Azure Multi-Factor Authentication (MFA) registration is required for all users.

D. All users must authenticate by using passwordless sign-in.

E. All users must authenticate by using Windows Hello.

Buy Now

Correct Answer: BC

Security defaults make it easy to protect your organization with the following preconfigured security settings:

1.

Requiring all users to register for Azure AD Multi-Factor Authentication.

2.

Requiring administrators to do multi-factor authentication.

3.

Blocking legacy authentication protocols.

4.

Requiring users to do multi-factor authentication when necessary.

5.

Protecting privileged activities like access to the Azure portal.

Questions 12

What are three uses of Microsoft Cloud App Security? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A. to discover and control the use of shadow IT

B. to provide secure connections to Azure virtual machines

C. to protect sensitive information hosted anywhere in the cloud

D. to provide pass-through authentication to on-premises applications

E. to prevent data leaks to noncompliant apps and limit access to regulated data

Buy Now

Correct Answer: ACE

Reference: https://docs.microsoft.com/en-us/defender-cloud-apps/what-is-defender-for-cloud-apps

Questions 13

You have an Azure subscription that contains a Log Analytics workspace.

You need to onboard Microsoft Sentinel.

What should you do first?

A. Create a hunting query.

B. Correlate alerts into incidents.

C. Connect to your security sources.

D. Create a custom detection rule.

Buy Now

Correct Answer: C

https://learn.microsoft.com/en-us/azure/sentinel/connect-data-sources After you onboard Microsoft Sentinel into your workspace, use data connectors to start ingesting your data into Microsoft Sentinel. Microsoft Sentinel comes with many out of the box connectors for Microsoft services, which integrate in real time. For example, the Microsoft 365 Defender connector is a service-to-service connector that integrates data from Office 365, Azure Active Directory (Azure AD), Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps.

Exam Code: SC-900
Exam Name: Microsoft Security Compliance and Identity Fundamentals
Last Update: May 27, 2026
Questions: 267

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2026 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.