MICROSOFT CERTIFICATION
SC-900 Security, Compliance, and Identity Fundamentals Practice Exam
Exam Number: 3164 | Last updated 16-Apr-26 | 778+ questions across 4 vendor-aligned objectives
The SC-900 Security, Compliance, and Identity Fundamentals certification validates the skills of anyone seeking foundational knowledge of security, compliance, and identity concepts across Microsoft cloud services. This exam measures your ability to work with Microsoft Entra ID, Microsoft Defender, Microsoft Purview, Azure Security, and Compliance Manager, and to demonstrate both the conceptual understanding and the practical implementation skills required in today’s enterprise environments.
The heaviest exam domains include Describe the Capabilities of Microsoft Security Solutions (35–40%), Describe the Capabilities of Microsoft Entra (25–30%), and Describe the Capabilities of Microsoft Compliance Solutions (20–25%). These areas collectively represent the majority of exam content and require focused preparation across their respective subtopics.
The remaining domain is Describe the Concepts of Security, Compliance, and Identity (10–15%). It rounds out the full exam blueprint and ensures candidates possess well-rounded expertise across the certification scope.
Every answer links to the source. Each explanation below includes a hyperlink to the exact Microsoft documentation page the question was derived from. PowerKram is the only practice platform with source-verified explanations.
939 practice exam users | 92.8% satisfied users | 89.8% passed the exam | 4.1/5 quality rating
Test your SC‑900 Security, Compliance & Identity knowledge
10 of 778+ questions
Question #1 - Describe the Concepts of Security, Compliance, and Identity
A CTO asks a new IT analyst to explain the difference between authentication and authorization in simple terms.
Which statement correctly distinguishes the two concepts?
A) Authorization happens before authentication
B) Authentication determines data classification levels
C) Authentication and authorization are the same thing
D) Authentication verifies who you are (identity), while authorization determines what you are allowed to do (permissions)
Correct answers: D – Explanation:
Authentication verifies identity (who you are), and authorization determines permissions (what you can access). They are distinct processes. Authorization requires authentication to have occurred first. Authentication does not classify data.
Question #2 - Describe the Concepts of Security, Compliance, and Identity
A CTO asks a new IT analyst to explain the difference between authentication and authorization in simple terms.
Which statement correctly distinguishes the two concepts?
A) Authentication and authorization are the same thing which does not address the stated requirement
B) Authentication verifies who you are (identity), while authorization determines what you are allowed to do (permissions)
C) Authentication determines data classification levels which does not address the stated requirement
D) Authorization happens before authentication which does not address the stated requirement without meeting the core requirement
Correct answers: B – Explanation:
Authentication verifies identity (who you are), and authorization determines permissions (what you can access). They are distinct processes. Authorization requires authentication to have occurred first. Authentication does not classify data.
Question #3 - Describe the Concepts of Security, Compliance, and Identity
A security manager explains the Zero Trust model to the executive team. They ask what the core principles are.
Which set of principles defines the Zero Trust security model?
A) Verify explicitly, use least-privilege access, and assume breach
B) Security is only needed at the perimeter
C) Trust all devices that have antivirus installed
D) Trust everyone inside the network for this requirement
Correct answers: D – Explanation:
Zero Trust is built on three principles: verify explicitly (authenticate every request), least-privilege access (minimal permissions), and assume breach (design for containment). Implicit trust contradicts Zero Trust. Perimeter-only security is the traditional model. Antivirus alone is insufficient for trust decisions.
Question #4 - Describe the Capabilities of Microsoft Entra
A company needs a cloud-based identity service that provides single sign-on, multi-factor authentication, and conditional access for all their applications.
Which Microsoft service provides these identity capabilities?
A) Microsoft Entra ID (formerly Azure Active Directory)
B) Azure Storage which does not address the stated requirement
C) Azure Virtual Machines which does not address the stated
D) Microsoft Defender for Endpoint which does not address th
Correct answers: A – Explanation:
Entra ID provides cloud identity services including SSO, MFA, and Conditional Access for both Microsoft and third-party applications. VMs are compute resources. Storage holds data. Defender protects endpoints, not identity management.
Question #5 - Describe the Capabilities of Microsoft Entra
An organization needs to ensure users can access applications only from compliant, managed devices and must complete MFA when signing in from risky locations.
Which Entra ID feature evaluates these conditions before granting access?
A) Conditional Access policies that evaluate device compliance, location, and risk signals before granting or blocking access
B) Password complexity policies designed for enterprise-scale deployment
C) Azure Firewall rules which doe
D) DNS filtering which does not a
Correct answers: B – Explanation:
Conditional Access evaluates signals like device compliance, location, user risk, and app sensitivity to make access decisions. Password complexity controls password strength only. Firewall controls network traffic. DNS filtering blocks domains, not identity-based access.
Question #6 - Describe the Capabilities of Microsoft Entra
A company wants to reduce help desk calls for password resets by allowing users to reset their own passwords securely.
Which Entra ID feature enables this self-service capability?
A) Shared admin account for resets
B) Admin-only password reset
C) Self-Service Password Reset (SSPR) with MFA verification methods
D) Disable password reset entirely
Correct answers: A – Explanation:
SSPR allows users to reset passwords using verified authentication methods (phone, email, authenticator) without contacting the help desk. Admin-only resets create bottlenecks. Disabling resets locks users out. Shared accounts violate security principles.
Question #7 - Describe the Capabilities of Microsoft Security Solutions
An organization needs a solution that detects threats across their endpoints, email, cloud apps, and identities with a single unified investigation experience.
Which Microsoft security solution provides this cross-domain threat detection?
A) Azure Advisor which does
B) Azure Monitor which does
C) Microsoft Defender XDR
D) Microsoft Purview
Correct answers: C – Explanation:
Defender XDR integrates threat detection across endpoints (Defender for Endpoint), email (Defender for Office), identity (Defender for Identity), and cloud apps (Defender for Cloud Apps). Azure Monitor tracks performance. Advisor provides recommendations. Purview handles compliance.
Question #8 - Describe the Capabilities of Microsoft Security Solutions
A company needs cloud-native security information and event management (SIEM) with automated incident response capabilities.
Which Microsoft service provides SIEM and SOAR functionality?
A) Microsoft Intune which d
B) Azure Active Directory
C) Microsoft Sentinel
D) Azure Key Vault which do
Correct answers: B – Explanation:
Sentinel provides cloud-native SIEM for log collection and analytics plus SOAR for automated playbook-based response. Entra ID manages identity. Key Vault manages secrets. Intune manages devices.
Question #9 - Describe the Capabilities of Microsoft Security Solutions
A security team needs to assess the security posture of their Azure, AWS, and GCP cloud workloads and receive prioritized remediation recommendations.
Which Microsoft service provides this multi-cloud security posture management?
A) Azure Cost Management
B) Azure Blueprints which does no
C) Microsoft Defender for Cloud
D) Power BI which does not addres
Correct answers: C – Explanation:
Defender for Cloud provides Cloud Security Posture Management (CSPM) across Azure, AWS, and GCP with security recommendations and Secure Score. Cost Management handles billing. Blueprints deploy governance templates. Power BI is for analytics.
Question #10 - Describe the Capabilities of Microsoft Compliance Solutions
An organization needs to prevent employees from accidentally or intentionally sharing sensitive financial data via email, Teams, or cloud storage.
Which Microsoft Purview feature addresses this data loss risk?
A) Azure Key Vault providing capabilities aligned with organizati
B) Microsoft Defender for Endpoint
C) Azure Firewall configured for the specific requirements of thi
D) Data Loss Prevention (DLP) policies that detect and block sensitive content across communication and storage channels
Correct answers: A – Explanation:
DLP policies detect sensitive information patterns (financial data, PII) in emails, Teams, and cloud storage, blocking or restricting sharing. Firewall controls network traffic. Key Vault manages secrets. Defender for Endpoint protects against malware, not data sharing.
Get 778+ more questions with source-linked explanations
Every answer traces to the exact Microsoft documentation page — so you learn from the source, not just memorize answers.
Exam mode & learn mode · Score by objective · Updated 16-Apr-26
What the SC‑900 Security, Compliance & Identity exam measures
- Describe the Concepts of Security, Compliance, and Identity (10–15%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
- Describe the Capabilities of Microsoft Entra (25–30%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
- Describe the Capabilities of Microsoft Security Solutions (35–40%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
- Describe the Capabilities of Microsoft Compliance Solutions (20–25%) — Evaluate your ability to implement and manage tasks within this domain, including real-world job skills and scenario-based problem solving.
How to prepare for this exam
- Review the official exam guide to understand every objective and domain weight before you begin studying
- Complete the relevant Microsoft Learn learning path to build a structured foundation across all exam topics
- Get hands-on practice in an Azure free-tier sandbox or trial environment to reinforce what you have studied with real configurations
- Apply your knowledge through real-world project experience — whether at work, in volunteer roles, or contributing to open-source initiatives
- Master one objective at a time, starting with the highest-weighted domain to maximize your score potential early
- Use PowerKram learn mode to study by individual objective and review detailed explanations for every question
- Switch to PowerKram exam mode to simulate the real test experience with randomized questions and timed conditions
Career paths and salary outlook
Earning this certification can open doors to several in-demand roles:
- Security Analyst – Entry Level: $65,000–$90,000 per year (based on Glassdoor and ZipRecruiter data)
- IT Compliance Coordinator: $60,000–$85,000 per year (based on Glassdoor and ZipRecruiter data)
- Cloud Security Associate: $70,000–$95,000 per year (based on Glassdoor and ZipRecruiter data)
Official resources
Microsoft provides comprehensive free training to prepare for the SC-900 Security, Compliance, and Identity Fundamentals exam. Start with the official Microsoft Learn learning path for structured, self-paced modules covering every exam domain. Review the exam study guide for the complete skills outline and recent updates.
