SC-900 Exam Dumps - Microsoft Certified: Security Compliance and Identity Fundamentals Questions and Answers

Microsoft Purview Information Protection (in the Microsoft 365 compliance center) enables you to discover, classify, label, and protect sensitive information across emails, documents, and other data stores. Labels and policies can enforce encryption, access restrictions, and visual markings, helping prevent unauthorized disclosure of sensitive data—inside or outside your organization.

In the Core eDiscovery (Microsoft Purview) workflow, you first create a case, add case members, and then (typically) apply eDiscovery holds to relevant locations to preserve potentially responsive content before you run searches. While a hold isn’t strictly required to execute a search, Microsoft’s documented workflow shows holds occur prior to creating and running content searches so that items aren’t altered or deleted during the investigation. After holds, you create searches, review, and export.

In Microsoft’s Security, Compliance, and Identity learning content and product documentation, Intune administration is performed in the dedicated Intune portal that, for exam and study-guide purposes, is referred to as the Microsoft Endpoint Manager admin center. Microsoft explains that “Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM)” and that “administrators manage Intune in the Intune (Endpoint Manager) admin center, where you configure device enrollment, compliance, apps, and endpoint security.” The admin experience consolidates device, app, and policy management, including device compliance policies, configuration profiles, app protection policies, software update rings, and endpoint security baselines, all from this portal.

By contrast, the Azure Active Directory admin center (Microsoft Entra admin center) is designed for identity and access tasks (users, groups, roles, Conditional Access), not full device/app management. The Microsoft 365 compliance center is focused on data governance and risk (DLP, information protection, eDiscovery, audit), while the Microsoft 365 security center/Defender portal is for security operations and threat protection. Therefore, when the sentence states, “You can manage Microsoft Intune by using the…,” the correct completion—aligned with Microsoft SCI study materials—is Microsoft Endpoint Manager admin center, the portal intentionally built for Intune device and app lifecycle management.

 Enabling multi-factor authentication (MFA) increases the Microsoft Secure Score. Yes

 A higher Microsoft Secure Score means a lower identified risk level in the Microsoft 365 tenant. Yes

 Microsoft Secure Score measures progress in completing actions based on controls that include key regulations and standards for data protection and governance. No

Microsoft Secure Score is a measurement of an organization’s security posture in Microsoft 365. The SCI materials explain that Secure Score is calculated from improvement actions such as requiring multi-factor authentication for users, especially administrators. When you configure and enforce MFA, you complete one of these recommended actions, and Secure Score awards points, so enabling MFA directly increases Microsoft Secure Score.

The documentation further states that Secure Score reflects how many recommended security controls you have implemented. A higher score indicates that more recommended controls are in place, which reduces exposure to common threats and therefore represents a lower residual risk level in the tenant. While it is not an absolute guarantee of security, it is an indicator that risk has been reduced compared to a lower score.

The third statement, however, describes the purpose of Microsoft Purview Compliance Manager and its compliance score, which tracks progress against controls mapped to regulations and standards for data protection and governance. Secure Score does not measure alignment with regulatory frameworks; it is focused on technical security configurations and behaviors in Microsoft 365. Therefore, that statement is No.

In Microsoft’s Security, Compliance, and Identity guidance, the Microsoft Service Trust Portal (STP) is identified as the public destination where Microsoft publishes independent audit reports, compliance certifications, assessment reports, and trust-related documentation for Microsoft cloud services. The documentation explains that the STP provides customers with access to materials such as SOC 1/SOC 2 reports, ISO/IEC certifications, audit summaries, and compliance guides, enabling organizations to evaluate Microsoft’s controls and map them to their own regulatory requirements. The STP is expressly positioned for transparency and due diligence, allowing customers and auditors to review Microsoft’s compliance posture and understand how Microsoft manages security, privacy, and compliance across its cloud platforms.

By contrast, the Microsoft Purview compliance portal is a tenant-admin portal used to configure and manage compliance solutions (e.g., DLP, Information Protection, eDiscovery, Insider Risk, Compliance Manager) within your organization—not a public repository of Microsoft’s audit artifacts. The Microsoft Purview governance portal focuses on data governance and cataloging scenarios. The Azure EA portal is used for Enterprise Agreement billing and usage management. Therefore, the public site for publishing audit reports and other compliance-related information for Microsoft cloud services is the Microsoft Service Trust Portal.

Microsoft’s privacy commitments are framed as principles that include Control, Transparency, Security, Strong legal protections, No content-based targeting, and Benefits to you. Under these commitments, Microsoft emphasizes compliance with regional and sectoral laws: it provides “strong legal protections” for data and commits to handling data “in accordance with applicable laws,” including respecting local privacy and data-protection requirements and supporting cross-border transfers only as permitted by law. The principles also state Microsoft does not use customer content for advertising, and it enables customers to manage their own privacy settings and choices. Therefore:

A is false (Microsoft does collect data but minimizes and protects it).

B is false (Microsoft states no content-based targeting for customer email/chat).

C is false (Microsoft provides settings; customers control them).

D aligns with Microsoft’s principle to respect and comply with applicable local privacy laws.

Microsoft 365 Advanced Audit is a capability of the Microsoft Purview audit solution that enhances auditing by adding additional high-value audit events, extended retention (up to one year by default, longer with add-ons), and intelligent insights. Microsoft documentation explains that Advanced Audit provides Exchange-specific events such as “MailItemsAccessed” and “SearchQueryInitiated”, which log when users access mailbox items and when they initiate a search in Exchange (including Outlook on the web). These records include who performed the action, when it occurred, the client/app used, and other metadata that helps investigations and forensics.

Advanced Audit is not a billing tool; billing information is handled separately in Microsoft 365 admin/billing portals and isn’t part of the audit schema. Likewise, audit logs do not expose message content; they capture activity metadata (actor, operation, workload, timestamp, and parameters) rather than the actual body of emails or file contents. The purpose is to improve auditability and investigation without revealing user content. Therefore, statements about viewing billing details or email contents are No, while identifying mailbox search actions (e.g., a user using the Outlook on the web search bar) is Yes, because Advanced Audit includes the SearchQueryInitiated (Exchange) event that records such activity.

In Microsoft 365 Defender, security signals from across Microsoft 365 services are raised as alerts. Microsoft’s documentation defines an incident as “a collection of correlated alerts” that represent the end-to-end story of an attack. The incident object aggregates the related signals, entities, and evidence so analysts can triage and remediate holistically rather than handling individual alerts in isolation. Microsoft further explains that incidents “group together related alerts, assets, users, and evidence” to reduce noise and provide context for investigation, and that automated correlation “helps SOCs focus on what matters most” by stitching alerts from Defender for Endpoint, Defender for Office 365, Defender for Identity, and Microsoft Defender for Cloud Apps into one case. Within an incident, analysts see a timeline, impacted assets and users, alert details, and recommended actions, and they can trigger response measures (for example, isolate device, block URL/file, or disable user). This contrasts with events (raw telemetry), vulnerabilities (exposure findings managed by Defender Vulnerability Management), and Microsoft Secure Score improvement actions (posture recommendations). Therefore, in the Microsoft 365 Defender portal, an incident is specifically a collection of correlated alerts, designed to streamline investigation and coordinated remediation across the Microsoft 365 security stack.

Microsoft Purview Compliance Manager is designed to give organizations a continuous view of their compliance posture. In Microsoft’s Security, Compliance, and Identity guidance, Compliance Manager is described as a capability that assesses your compliance posture against regulatory standards and data protection baselines and updates the compliance score as you implement or fail controls. The platform aggregates signals from assessments, controls, and improvement actions, then recalculates your compliance score as evidence is collected and actions are marked complete or tested. Because these evaluations are tied to live improvement actions and mapped controls (such as access, data protection, and governance controls), your organization’s status isn’t limited to a fixed reporting cycle; rather, it reflects ongoing progress and gaps across supported regulations and standards.

SCI study materials also emphasize that the score is not a one-time audit: it’s a running indicator of risk reduction and control implementation. As you address recommendations, add or update evidence, or connect automated tests where available, the score and related dashboards refresh to show the latest compliance state. This makes Compliance Manager suitable for continuous assessment, enabling organizations to monitor posture, prioritize work, and demonstrate incremental improvements over time—hence, it assesses compliance data continually for an organization.