SC-900 Cheat Sheet 2026

The 30 highest-yield SC-900 facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

45 questions
45 min time limit
70% to pass
  1. Microsoft Defender for Cloud can protect resources in which of the following environments? Azure, AWS, Google Cloud, and on-premises
  2. What type of security solution is Microsoft Defender for Cloud Apps primarily classified as? Cloud Access Security Broker (CASB)
  3. What Microsoft 365 Defender capability does Microsoft Defender for Cloud Apps contribute to when integrated into the unified security operations platform? Cross-domain threat signals for extended detection and response (XDR)
  4. Which of the following is NOT one of the four pillars of the Cloud Access Security Broker (CASB) framework that Defender for Cloud Apps provides? Network Segmentation
  5. What term describes the use of unauthorized or unapproved cloud applications within an organization that Defender for Cloud Apps helps identify? Shadow IT
  6. How does the 'History' tab and benchmark comparison feature in Secure Score help security administrators? By tracking score changes over time and comparing against similar organizations.
  7. What is the primary goal of Attack Surface Reduction (ASR) rules in Microsoft Defender for Endpoint? To prevent malware from running by blocking common malicious behaviors.
  8. Which of the following can be accomplished with the use of the Azure Privileged Identity Management Service? Provide just-in-time access to resources roles in Azure
  9. What is the primary goal of a Microsoft Purview Data Loss Prevention (DLP) policy? To prevent the unintentional sharing of sensitive information
  10. Which Microsoft Defender for Endpoint capability is designed to discover, prioritize, and remediate software vulnerabilities and misconfigurations on devices? Threat & Vulnerability Management
  11. When an Insider Risk Management policy generates a high-severity alert, what is the typical next step in the built-in workflow? The alert is triaged, and an investigator can create a case for deeper analysis.
  12. Which of the following best describes a 'control' in the context of Microsoft Purview Compliance Manager? A requirement of a regulation or standard.
  13. Where are the protection settings, such as encryption and access rights, for a sensitivity label defined? In the Microsoft Purview compliance portal
  14. What does a 'File Policy' in Microsoft Defender for Cloud Apps allow an organization to do? Scan files stored in connected cloud apps and apply governance actions based on content
  15. In the context of Microsoft Secure Score, what is an 'improvement action'? A recommended configuration task that will improve the security score when completed.
  16. Which Microsoft Defender for Cloud Apps capability allows administrators to set policies that trigger alerts when unusual user behavior is detected? Anomaly Detection Policies
  17. A security analyst wants to proactively search for new and unknown threats in their organization's data. Which Microsoft Sentinel feature should they use? Hunting
  18. What is the function of assessment templates in Compliance Manager? To provide frameworks for assessing compliance against specific regulations.
  19. What does Conditional Access App Control in Microsoft Defender for Cloud Apps enable? Real-time session monitoring and control of user activity in cloud apps
  20. What is the primary function of Cloud Security Posture Management (CSPM) within Microsoft Defender for Cloud? To identify and remediate security misconfigurations across cloud resources.
  21. An organization wants to ensure that all documents containing a passport number are automatically labeled as 'Highly Confidential'. What feature enables this? Automatic sensitivity labeling policies
  22. Which Defender for Cloud Apps capability helps detect when a user account may have been compromised by analyzing impossible travel scenarios? Anomaly Detection — Impossible Travel
  23. How does Microsoft Sentinel collect log data from various sources like Azure services, Microsoft 365, and on-premises systems? By configuring data connectors
  24. Which feature of Microsoft Defender for Cloud Apps helps organizations discover unsanctioned cloud applications being used by employees? Cloud Discovery
  25. Which of the following provides: "an end to end workflow to preserve, collect, analyze, review and export content in MS365"? Advanced eDiscovery
  26. Match Microsoft 365 insider risk management workflow step to the appropriate task. "Create cases in the Case dashboard" Investigate
  27. What is the purpose of the secure score in Microsoft Defender for Cloud? To measure and track the security posture of your cloud environment.
  28. In the context of Microsoft Defender for Cloud Apps, what does 'sanctioning' a cloud application mean? Officially approving an app for use within the organization
  29. Microsoft Secure Score provides a holistic view by providing recommendations across which set of categories? Identity, Devices, and Apps.
  30. What can you use to scan email attachments and forward the attachments to recipients only if the attachments are free from malware? Microsoft Defender for Office 365
Turn these facts into recall: