DummyExams LogoDummyExams
Azure logo

Free Practice · No Signup Required

30 Free Azure SC-900 Practice Questions

Real practice questions for the Azure Security, Compliance, & Identity (SC-900) exam, with answers and detailed explanations. Updated 2026.

Start Timed Exam ModeUnlock all 210+ Questions

Free questions

30

Passing score

700 out of 1000

Exam time

60 minutes

Question pool

210+ Questions

Below are 30 real practice questions for the Azure Security, Compliance, & Identity (SC-900) exam. Each question shows the correct answer and a detailed explanation when you reveal it. Use these to benchmark your readiness — if you score below 70% on these 30 questions, plan for at least 4 more weeks of study before booking.

SC-900 Practice Questions

  1. Question 1.Conditional access policies always enforce the user of multi-factor authentication (MFA).

    • A.Yes.
    • B.No.(correct answer)
    Show answer & explanation

    Correct answer: B

    No.

    Explanation

    Conditional Access policies can enforce MFA, but they can also be used for other things like blocking access from certain locations or requiring compliant devices without always requiring MFA.

  2. Question 2.Conditional access policies can be used to block access to an application based on the location of the user.

    • A.Yes.(correct answer)
    • B.No.
    Show answer & explanation

    Correct answer: A

    Yes.

    Explanation

    Location-based conditions are a core feature of Conditional Access, allowing you to restrict access based on IP ranges or countries.

  3. Question 3.Conditional access policies only affect users who have Microsoft Entra ID-joined devices.

    • A.Yes.
    • B.No.(correct answer)
    Show answer & explanation

    Correct answer: B

    No.

    Explanation

    Conditional Access applies to users regardless of their device join state. It can be used to *require* joined devices, but it affects all targeted users.

  4. Question 4.[...] is used to identify, hold, and export electronic information that might be used in an investigation.

    • A.Customer Lockbox.
    • B.Data loss prevention (DLP).
    • C.eDiscovery.(correct answer)
    • D.Resource lock.
    Show answer & explanation

    Correct answer: C

    eDiscovery.

    Explanation

    eDiscovery is the process of finding and delivering electronic information that can be used as evidence in legal cases.

  5. Question 5.Microsoft Defender for Endpoint can protect Android devices.

    • A.Yes.(correct answer)
    • B.No.
    Show answer & explanation

    Correct answer: A

    Yes.

    Explanation

    Defender for Endpoint is a multi-platform solution that supports Windows, macOS, Linux, Android, and iOS.

  6. Question 6.Microsoft Defender for Endpoint can protect Azure virtual machines that run Windows 10.

    • A.Yes.(correct answer)
    • B.No.
    Show answer & explanation

    Correct answer: A

    Yes.

    Explanation

    Defender for Endpoint can be deployed to Windows 10/11 VMs in Azure just like physical endpoints.

  7. Question 7.Microsoft Defender for Endpoint can protect Microsoft SharePoint Online sites and content from viruses.

    • A.Yes.
    • B.No.(correct answer)
    Show answer & explanation

    Correct answer: B

    No.

    Explanation

    Microsoft Defender for Office 365 (Plan 1/2) is the solution responsible for protecting SharePoint, OneDrive, and Teams content. Defender for Endpoint focuses on the device OS.

  8. Question 8.What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?

    • A.Automated remediation.
    • B.Automated investigation.
    • C.Advanced hunting.
    • D.Network protection.(correct answer)
    Show answer & explanation

    Correct answer: D

    Network protection.

    Explanation

    Network protection helps reduce the attack surface by preventing users from accessing malicious IP addresses or domains on the internet.

  9. Question 9.Which score measures an organization’s progress in completing actions that help reduce risks associated to data protection and regulatory standards?

    • A.Microsoft Secure Score.
    • B.Productivity Score.
    • C.Secure score in Microsoft Defender for Cloud.
    • D.Compliance score.(correct answer)
    Show answer & explanation

    Correct answer: D

    Compliance score.

    Explanation

    Compliance score (found in Compliance Manager) specifically tracks an organization's adherence to regulatory standards and internal policies.

  10. Question 10.You can add a resource lock to an Azure subscription.

    • A.Yes.(correct answer)
    • B.No.
    Show answer & explanation

    Correct answer: A

    Yes.

    Explanation

    Resource locks can be applied at the Subscription, Resource Group, or individual Resource level.

  11. Question 11.You can add only one resource lock to an Azure resource.

    • A.Yes.
    • B.No.(correct answer)
    Show answer & explanation

    Correct answer: B

    No.

    Explanation

    You can apply multiple locks (e.g., both a ReadOnly lock and a CanNotDelete lock) to the same resource.

  12. Question 12.You can delete a resource group containing resources that have resources locks.

    • A.Yes.
    • B.No.(correct answer)
    Show answer & explanation

    Correct answer: B

    No.

    Explanation

    If a resource within a resource group has a CanNotDelete lock, you cannot delete the entire resource group until the lock is removed.

  13. Question 13.Azure Defender can detect vulnerabilities and threats for Azure Storage.

    • A.Yes.(correct answer)
    • B.No.
    Show answer & explanation

    Correct answer: A

    Yes.

    Explanation

    Microsoft Defender for Storage (part of Defender for Cloud/Defender) provides advanced threat protection for data in storage accounts.

  14. Question 14.Cloud Security Posture Management (CSPM) is available for all Azure subscriptions.

    • A.Yes.(correct answer)
    • B.No.
    Show answer & explanation

    Correct answer: A

    Yes.

    Explanation

    Basic CSPM features are available for free in Microsoft Defender for Cloud for all subscriptions.

  15. Question 15.Microsoft Defender for Cloud can evaluate the security of workloads deployed to Azure or on-premises.

    • A.Yes.(correct answer)
    • B.No.
    Show answer & explanation

    Correct answer: A

    Yes.

    Explanation

    Defender for Cloud is a hybrid solution that can monitor security posture for Azure, AWS, GCP, and on-premises servers.

  16. Question 16.In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?

    • A.The management of mobile devices.
    • B.The permissions for the user data stored in Azure.
    • C.The creation and management of user accounts.
    • D.The management of the physical hardware.(correct answer)
    Show answer & explanation

    Correct answer: D

    The management of the physical hardware.

    Explanation

    Microsoft is always responsible for the physical security and maintenance of the hardware and the global data centers in all cloud models (IaaS, PaaS, SaaS).

  17. Question 17.Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your organization?

    • A.Sensitivity label policies.
    • B.Customer Lockbox.
    • C.Information Barriers.(correct answer)
    • D.Privileged Access Management (PAM).
    Show answer & explanation

    Correct answer: C

    Information Barriers.

    Explanation

    Information Barriers prevent specific groups of users from communicating with each other in Teams, SharePoint, and OneDrive.

  18. Question 18.You can use [...] in the Microsoft 365 security center to identify devices that are affected by an alert.

    • A.classifications.
    • B.incidents.(correct answer)
    • C.policies.
    • D.secure score.
    Show answer & explanation

    Correct answer: B

    incidents.

    Explanation

    High-level 'incidents' aggregate related alerts and identify the affected identities, devices, and other assets.

  19. Question 19.When users sign in to the Azure portal, they are first [...].

    • A.assigned permissions.
    • B.authenticated.(correct answer)
    • C.authorized.
    • D.resolved.
    Show answer & explanation

    Correct answer: B

    authenticated.

    Explanation

    Authentication (verifying identity) always happens before authorization (checking what the user is allowed to do).

  20. Question 20.You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure. Which security methodology does this represent?

    • A.Threat modeling.
    • B.Identity as the security perimeter.
    • C.Defense in depth.(correct answer)
    • D.The shared responsibility model.
    Show answer & explanation

    Correct answer: C

    Defense in depth.

    Explanation

    Defense in depth is the strategy of using multiple layers of security to provide redundancy and ensure that if one layer fails, others are there to protect the data.

  21. Question 21.Compliance Manager assesses compliance data [...] for an organization.

    • A.continually.(correct answer)
    • B.monthly.
    • C.on-demand.
    • D.quarterly.
    Show answer & explanation

    Correct answer: A

    continually.

    Explanation

    Compliance Manager provides continuous assessment of an organization's compliance posture by automatically evaluating activities and configurations against regulatory standards.

  22. Question 22.What should you use in the Microsoft 365 security center to view security trends and track the protection status of identities?

    • A.Attack simulator.
    • B.Reports.(correct answer)
    • C.Hunting.
    • D.Incidents.
    Show answer & explanation

    Correct answer: B

    Reports.

    Explanation

    The 'Reports' section in the Microsoft 365 Defender portal (formerly security center) provides visualizations and data on security trends, identity protection, and device health.

  23. Question 23.Digitally signing a document requires a private key.

    • A.Yes.(correct answer)
    • B.No.
    Show answer & explanation

    Correct answer: A

    Yes.

    Explanation

    Digital signatures use asymmetric encryption. The signer uses their private key to create the signature, which ensures non-repudiation.

  24. Question 24.Verifying the authenticity of a digitally signed document requires the public key of the signer.

    • A.Yes.(correct answer)
    • B.No.
    Show answer & explanation

    Correct answer: A

    Yes.

    Explanation

    To verify a digital signature, the recipient uses the signer's public key. If the decryption is successful, it proves the document was signed by the owner of the corresponding private key.

  25. Question 25.Verifying the authenticity of a digitally signed document requires the private key of the signer.

    • A.Yes.
    • B.No.(correct answer)
    Show answer & explanation

    Correct answer: B

    No.

    Explanation

    The signer's private key must be kept secret and is only used for signing. Verification is always done with the public key.

  26. Question 26.In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase?

    • A.Plan.(correct answer)
    • B.Manage.
    • C.Adopt.
    • D.Govern.
    • E.Define Strategy.(correct answer)
    Show answer & explanation

    Correct answer: A, E

    Plan. / Define Strategy.

    Explanation

    The standard flow of the Cloud Adoption Framework is: Strategy -> Plan -> Ready -> Adopt -> Govern/Manage. Strategy and Plan both precede the Ready phase.

  27. Question 27.What can you use to provide a user with a two-hour window to complete an administrative task in Azure?

    • A.Microsoft Entra ID Privileged Identity Management (PIM).(correct answer)
    • B.Azure Multi-Factor Authentication (MFA).
    • C.Microsoft Entra ID Identity Protection.
    • D.conditional access policies.
    Show answer & explanation

    Correct answer: A

    Microsoft Entra ID Privileged Identity Management (PIM).

    Explanation

    Privileged Identity Management (PIM) allows for 'just-in-time' access, where administrative permissions are granted for a specific, limited duration (like 2 hours).

  28. Question 28.Applying system updates increases an organization's secure score in Microsoft Defender for Cloud.

    • A.Yes.(correct answer)
    • B.No.
    Show answer & explanation

    Correct answer: A

    Yes.

    Explanation

    Remediating security recommendations, such as installing missing system updates, directly improves an organization's Secure Score by reducing the attack surface.

  29. Question 29.The secure score in Microsoft Defender for Cloud can evaluate resources across multiple Azure subscriptions.

    • A.Yes.(correct answer)
    • B.No.
    Show answer & explanation

    Correct answer: A

    Yes.

    Explanation

    Defender for Cloud can provide an aggregated Secure Score for multiple subscriptions, allowing for centralized security posture management.

  30. Question 30.Enabling multi-factor authentication (MFA) increases an organization's secure score in Microsoft Defender for Cloud.

    • A.Yes.(correct answer)
    • B.No.
    Show answer & explanation

    Correct answer: A

    Yes.

    Explanation

    Enabling MFA is one of the highest-impact security recommendations and significantly increases the Secure Score.

Ready for the full SC-900 exam?

Get all 210+ Questions, timed simulation, and weak-area analytics. Plans from $2.99 — credits never expire.

See pricing

Frequently Asked Questions

Are these real SC-900 practice questions?+
Yes. These 30 questions are taken directly from our 210+ Questions pool, written and reviewed by certified practitioners. They mirror the style, difficulty, and scope of the official Azure SC-900 exam.
Is the SC-900 exam hard?+
The Azure Security, Compliance, & Identity (SC-900) is considered a pass-mark exam (passing score: 700 out of 1000). Most candidates need 4–8 weeks of focused preparation. Use these free questions to gauge where you stand before committing to a full study plan.
How many questions are on the real SC-900 exam?+
The official SC-900 exam has 40-60 questions.
Do I need to sign up to use these questions?+
No. These 30 questions are free and require no signup. If you want timed simulation, performance analytics, and access to all 210+ Questions, our paid plans start at $2.99 per exam with credits that never expire.

Keep studying

Full exam

Azure Security, Compliance, & Identity (SC-900) details

Azure

Free practice

Microsoft AZ-900

Azure

Free practice

Microsoft AZ-500

Azure

Free practice

Microsoft AZ-104

Pass SC-900 on your first try

Join candidates using DummyExams to practice with realistic timed exams, detailed explanations, and weak-area analytics.

Start full SC-900 practice exam