
Microsoft Security, Compliance, and Identity Fundamentals (SC-900) practice questions

Foundational certification covering security, compliance, and identity concepts and the capabilities of Microsoft Entra, Microsoft security solutions, and Microsoft Purview, with a worked explanation on every practice question.

New to SC-900? Read the "How to pass Microsoft Security, Compliance, and Identity Fundamentals (SC-900)" study guide for a domain breakdown, a study plan, and exam-day tips.

Revising? The SC-900 cheat sheet puts the domain weightings, key facts, and easy-to-confuse traps on one printable page.

  • Questions: typically 40 to 60
  • Time allowed: 45 min
  • Pass mark: 700 / 1000
  • Exam cost (USD): $99
  • Practice questions: 267

Exam domains and weighting

The SC-900 blueprint is split across 4 domains. See the official exam guide for the authoritative breakdown.

SC-900 domains by share of the exam
Domain: Weight
  • Security, Compliance, and Identity Concepts: 13%
  • Microsoft Entra Capabilities: 27%
  • Microsoft Security Solutions: 38%
  • Microsoft Compliance Solutions: 22%

Free sample questions

No account needed. Every question has a worked explanation, just like the full bank.

Free sample | Microsoft Entra Capabilities | easy

A new administrator asks what role Microsoft Entra ID plays within the Microsoft Entra product family. Which statement best describes Microsoft Entra ID?

  • A. It is the foundational cloud-based identity and access management service for users, devices, and apps. (Correct)
  • B. It is a managed domain service that provides group policy, LDAP, and Kerberos for legacy applications.
  • C. It is a credential verification service for issuing decentralised verifiable credentials to users.
  • D. It is the service that secures remote access to private apps, corporate networks, and multicloud resources.

Microsoft Entra ID is the foundational product of Microsoft Entra: a cloud-based identity and access management service that provides authentication, policy enforcement, and protection for users, devices, apps, and resources.

Why A is correct: Microsoft Entra ID is the foundational product of Microsoft Entra: a cloud-based identity and access management service that provides authentication, policy enforcement, and protection for users, devices, apps, and resources.

Why B is wrong: Group policy, LDAP, and Kerberos for legacy apps describe Microsoft Entra Domain Services, a separate product in the family, not Microsoft Entra ID itself.

Why C is wrong: Issuing decentralised verifiable credentials describes Microsoft Entra Verified ID, a different product, not the foundational identity and access management service.

Why D is wrong: Securing remote access to private apps and corporate networks describes Microsoft Entra Private Access, not the core identity and access management service.

Free sample | Microsoft Entra Capabilities | easy

A security lead is describing why an organisation adopts the Microsoft Entra product family. Which overall security strategy is the Microsoft Entra family designed to help organisations implement?

  • A. A flat network model that trusts all traffic once it is inside the corporate perimeter.
  • B. A Zero Trust security strategy that verifies identities and validates access conditions. (Correct)
  • C. A single sign-on only strategy that removes the need to check access conditions at all.
  • D. A backup and disaster recovery strategy focused on restoring lost data as quickly as possible.

Microsoft Entra is a family of identity and network access products that helps organisations implement a Zero Trust security strategy. It is used to verify identities, validate access conditions, check permissions, and monitor for compromise.

Why A is wrong: Trusting all internal traffic is the implicit-trust perimeter model that Zero Trust replaces, so it is the opposite of what the family is built for.

Why B is correct: Microsoft Entra is a family of identity and network access products that helps organisations implement a Zero Trust security strategy, used to verify identities, validate access conditions, check permissions, and monitor for compromise.

Why C is wrong: Removing access-condition checks contradicts the family's purpose, which explicitly includes validating access conditions and checking permissions.

Why D is wrong: Backup and disaster recovery is unrelated to the identity and network access focus of the Microsoft Entra family.

Free sample | Microsoft Entra Capabilities | medium

Several Azure virtual machines must all use the same identity to reach a shared storage account, and that identity must keep its permissions even when individual virtual machines are recycled. Which managed identity type fits this requirement?

  • A. A system-assigned managed identity, which is tied to one resource and deleted with it.
  • B. A service principal of the legacy type, created without an app registration.
  • C. A user-assigned managed identity, which can be shared across multiple Azure resources. (Correct)
  • D. An application object, which is the global blueprint stored in the home tenant.

A user-assigned managed identity is created as a stand-alone Azure resource with an independent life cycle and can be associated with more than one Azure resource. It is the recommended type for workloads where resources are recycled but permissions should stay consistent.

Why A is wrong: A system-assigned managed identity cannot be shared and is associated with only a single Azure resource, so it cannot serve several virtual machines at once.

Why B is wrong: A legacy service principal represents an old app without an app registration and is not the managed identity construct for sharing one identity across Azure compute resources.

Why C is correct: A user-assigned managed identity is created as a stand-alone Azure resource with an independent life cycle and can be associated with more than one Azure resource, which is the recommended type for workloads where resources are recycled but permissions should stay consistent.

Why D is wrong: An application object is the global template for creating service principals, not an identity you assign to virtual machines to access a storage account.

Frequently asked questions

How many questions are on the SC-900 exam?
The Microsoft Security, Compliance, and Identity Fundamentals (SC-900) exam typically has 40 to 60 questions and runs for 45 minutes. The format is multiple choice and multiple response, taken at a Pearson VUE testing center or online proctored.
What score do I need to pass SC-900?
The pass mark is 700 / 1000. Examworthy gives you a per-domain readiness score so you can see which domains are holding you back before you book.
How much does the SC-900 exam cost?
The exam costs 99 USD to sit. Practising on Examworthy is free to start, with a worked explanation on every question.
How does Examworthy help me prepare for SC-900?
Every practice question carries a worked explanation and a per-distractor rationale, mapped to the official blueprint domains. You learn why each answer is right or wrong, not just the letter.
Is Examworthy affiliated with Microsoft?
No. Examworthy is not affiliated with or endorsed by Microsoft. Our questions are original, blueprint-aligned practice material; we never reproduce live exam items.


Examworthy is not affiliated with or endorsed by Microsoft. All questions are original, blueprint-aligned practice material. We never reproduce live exam items. SC-900 and related marks belong to their respective owners.