SC-900 - Microsoft Security, Compliance, and Identity Fundamentals Identity Protection and Governance Questions and Answers

Question 1

An organization is using Microsoft Entra ID Protection and has configured risk policies.
A user's sign-in attempt is flagged with a high 'sign-in risk', but their overall 'user risk' level remains low.
Which of the following events would MOST likely trigger a high sign-in risk without immediately elevating the user risk?

Accepted Answer

A sign-in is attempted from an IP address associated with a TOR browser.

Answer

The user successfully signs in from a new country while on vacation.

Answer

The user's password was discovered in a public data breach from another service.

Answer

The user repeatedly fails multi-factor authentication prompts over several hours.

Question 2

A company wants to streamline access requests for a new marketing project. They need to bundle access to a specific SharePoint site, a Microsoft Team, and a SaaS application into a single requestable unit. They also want managers to approve these requests and for the access to automatically expire after 90 days. Which Microsoft Entra ID Governance feature is designed for this specific purpose?

Accepted Answer

Entitlement Management

Answer

Conditional Access Policies

Answer

Access Reviews

Answer

Privileged Identity Management (PIM)

Question 3

An administrator is tasked with configuring Microsoft Entra Privileged Identity Management (PIM) for the Global Administrator role. The goal is to ensure that when a user activates this role, they must provide a business justification and also complete a multi-factor authentication (MFA) challenge. Where in the Microsoft Entra admin center would the administrator configure these activation requirements?

Accepted Answer

In the PIM role settings for the Global Administrator role

Answer

In the role's Conditional Access policy

Answer

In the user's authentication methods policy

Answer

In the access review policy for administrative roles

Question 4

An IT manager wants to ensure that access to a critical financial application is reviewed every quarter. They want the direct manager of each user to be responsible for approving or denying their subordinate's continued access. Which Microsoft Entra feature should be used to automate this periodic certification process?

Accepted Answer

Access Reviews

Answer

Entitlement Management

Answer

Conditional Access

Answer

Microsoft Entra ID Protection

Question 5

An administrator is creating several new Conditional Access policies and wants to understand their combined impact on a specific user's sign-in to Microsoft Teams from an unmanaged device. Which tool should the administrator use to simulate this scenario without affecting any users?

Accepted Answer

The What If tool

Answer

Microsoft Entra ID Protection risk reports

Answer

Sign-in logs

Answer

Access Reviews

Question 6

Which of the following components are defined within an access package in Microsoft Entra entitlement management?

Accepted Answer

A bundle of resource roles and one or more policies for access

Answer

A collection of users and devices

Answer

A set of Conditional Access conditions and controls

Answer

A schedule for just-in-time role activation