SC-900 Sample Questions

Correct Answer: Azure AD Identity Protection Explanation: Azure AD Identity Protection automates the detection and remediation of identity-based risks, providing risk-based Conditional Access policies.

Correct Answer: Cloud Security Posture Management (CSPM) Explanation: CSPM assesses configurations against benchmarks and best practices, identifying misconfigurations and providing a secure score to guide improvements.

Correct Answer: Network Security Group (NSG) Explanation: NSGs apply network traffic filtering rules to network interfaces or subnets within an Azure Virtual Network.

Correct Answer: Password Hash Synchronization (PHS) Explanation: PHS is the simplest method to enable authentication for hybrid identities, where a hash of the on-premises password hash is synchronized to Entra ID.

Correct Answer: Azure role-based access control (RBAC) Explanation: Azure RBAC allows granular permission management by assigning roles with specific permissions to users, groups, or service principals.

Correct Answer: Service principal Explanation: A service principal is an identity created for use with applications, hosted services, and automated tools to access Azure resources securely.

Correct Answer: To ensure data integrity and detect tampering. Explanation: Hashing generates a fixed-size unique value (hash) from data. If even a single bit of the original data changes, the hash will change, indicating tampering and ensuring integrity.

Correct Answer: Microsoft Entra ID (formerly Azure Active Directory) Explanation: Microsoft Entra ID is Microsoft's cloud-based identity and access management service that provides centralized control for users and applications.

Correct Answer: Zero Trust Explanation: Zero Trust is a security model that operates on the principle of "never trust, always verify," requiring strict identity verification and device compliance before granting access.

Correct Answer: The Cloud Service Provider (CSP) Explanation: In the Shared Responsibility Model, the CSP is responsible for the security of the cloud (the underlying infrastructure). The customer is responsible for security in the cloud (what they put in it and how they configure it).