SC-900 Study Guide 2026

Everything you need to pass the SC-900 exam in one place: the exam format, every topic to study, real practice questions with explanations, flashcards, and full-length practice tests. Free, no sign-up needed.

📋 SC-900 Exam Format at a Glance

45
Questions
45 min
Time Limit
70%
Passing Score

📚 SC-900 Topics to Study (15)

✍️ Sample SC-900 Questions & Answers

1. Which log source does Cloud Discovery in Microsoft Defender for Cloud Apps use to identify cloud apps in use?
Firewall and proxy traffic logs

Cloud Discovery analyzes firewall and proxy traffic logs uploaded by the administrator or streamed automatically to discover cloud app usage across the organization.

2. What is a key difference between a DLP policy and a sensitivity label?
DLP policies prevent data exfiltration from locations, while sensitivity labels classify and protect the data itself.

While both are part of information protection, their focus is different. Sensitivity labels classify and apply persistent protection (like encryption) to the data itself, wherever it goes. DLP policies focus on the context of data sharing, preventing data exfiltration from specific locations like email or Teams based on rules.

3. When creating a DLP policy, you must specify where it applies. Which of the following are valid locations for a DLP policy?
Exchange Online, SharePoint Online, and Microsoft Teams

DLP policies can be scoped to protect data across various Microsoft 365 services. This includes Exchange Online for emails, SharePoint Online and OneDrive for Business for files, and Microsoft Teams for chats and channel messages.

4. You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure. Which security methodology does this represent?
defense in depth

Defense in depth is a security methodology that employs multiple, overlapping layers of security controls throughout an IT infrastructure. The principle is that if one security layer fails, another layer will still be in place to provide protection. This approach creates a robust and resilient security posture, making it significantly more difficult for attackers to breach the entire system.

5. Scenario: A company is enhancing security measures to prevent unauthorized access to critical systems. Which authentication method should they employ to require multiple forms of verification?
Multi-factor authentication (MFA)

Multi-factor authentication (MFA) significantly enhances security by requiring users to provide two or more distinct forms of verification to gain access. This typically combines something they know (like a password) with something they have (like a phone or token) or something they are (like a fingerprint). By adding multiple layers, MFA drastically reduces the risk of unauthorized access, even if one factor is compromised.

6. How does Microsoft Sentinel collect log data from various sources like Azure services, Microsoft 365, and on-premises systems?
By configuring data connectors

Data connectors are the built-in components used to ingest data from a wide range of Microsoft and third-party sources into Microsoft Sentinel. They simplify the process of connecting data sources to the Log Analytics workspace that Sentinel uses.

🎯 Free SC-900 Practice Tests

📖 SC-900 Guides & Articles

Your SC-900 Study Path
1. Learn with Flashcards → 2. Drill Practice Tests → 3. Take the Full Exam Simulation
SC-900 Study Guide 2026 — Exam Format, Topics & Practice Questions