SC-900 Study Guide 2026
Everything you need to pass the SC-900 exam in one place: the exam format, every topic to study, real practice questions with explanations, flashcards, and full-length practice tests. Free, no sign-up needed.
📋 SC-900 Exam Format at a Glance
📚 SC-900 Topics to Study (15)
✍️ Sample SC-900 Questions & Answers
1. Which log source does Cloud Discovery in Microsoft Defender for Cloud Apps use to identify cloud apps in use?
Cloud Discovery analyzes firewall and proxy traffic logs uploaded by the administrator or streamed automatically to discover cloud app usage across the organization.
2. What is a key difference between a DLP policy and a sensitivity label?
While both are part of information protection, their focus is different. Sensitivity labels classify and apply persistent protection (like encryption) to the data itself, wherever it goes. DLP policies focus on the context of data sharing, preventing data exfiltration from specific locations like email or Teams based on rules.
3. When creating a DLP policy, you must specify where it applies. Which of the following are valid locations for a DLP policy?
DLP policies can be scoped to protect data across various Microsoft 365 services. This includes Exchange Online for emails, SharePoint Online and OneDrive for Business for files, and Microsoft Teams for chats and channel messages.
4. You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure. Which security methodology does this represent?
Defense in depth is a security methodology that employs multiple, overlapping layers of security controls throughout an IT infrastructure. The principle is that if one security layer fails, another layer will still be in place to provide protection. This approach creates a robust and resilient security posture, making it significantly more difficult for attackers to breach the entire system.
5. Scenario: A company is enhancing security measures to prevent unauthorized access to critical systems. Which authentication method should they employ to require multiple forms of verification?
Multi-factor authentication (MFA) significantly enhances security by requiring users to provide two or more distinct forms of verification to gain access. This typically combines something they know (like a password) with something they have (like a phone or token) or something they are (like a fingerprint). By adding multiple layers, MFA drastically reduces the risk of unauthorized access, even if one factor is compromised.
6. How does Microsoft Sentinel collect log data from various sources like Azure services, Microsoft 365, and on-premises systems?
Data connectors are the built-in components used to ingest data from a wide range of Microsoft and third-party sources into Microsoft Sentinel. They simplify the process of connecting data sources to the Log Analytics workspace that Sentinel uses.