SC-900 Exam Information and Guideline
Microsoft Security, Compliance, and Identity Fundamentals
Below are complete topics detail with latest syllabus and course outline, that will help you good knowledge about exam objectives and topics that you have to prepare. These contents are covered in questions and answers pool of exam.
Exam Code: SC-900
Exam Name: Microsoft Security, Compliance, and Identity Fundamentals
Certification: Microsoft Certified: Security, Compliance, and Identity Fundamentals
Level: Fundamental (Beginner-friendly)
Duration: 60 minutes
Number of Questions: 40-60 questions (multiple-choice, drag-and-drop, case studies)
Passing Score: 700/1000 (scored on a scale of 1-1000)
Describe the concepts of security, compliance, and identity (10–15%)
Describe the capabilities of Microsoft Entra (25–30%)
Describe the capabilities of Microsoft security solutions (35–40%)
Describe the capabilities of Microsoft compliance solutions (20–25%)
Describe the concepts of security, compliance, and identity (10–15%)
- security and compliance concepts
- the shared responsibility model
- defense-in-depth
- the Zero Trust model
- encryption and hashing
- Governance, Risk, and Compliance (GRC) concepts
- identity concepts
- identity as the primary security perimeter
- authentication
- authorization
- identity providers
- the concept of directory services and Active Directory
- the concept of federation
Describe the capabilities of Microsoft Entra (25–30%)
- function and identity types of Microsoft Entra ID
- Microsoft Entra ID
- types of identities
- hybrid identity
- authentication capabilities of Microsoft Entra ID
- the authentication methods
- multi-factor authentication (MFA)
- password protection and management capabilities
- access management capabilities of Microsoft Entra ID
- Conditional Access
- Microsoft Entra roles and role-based access control (RBAC)
- identity protection and governance capabilities of Microsoft Entra
- Microsoft Entra ID Governance
- access reviews
- the capabilities of Microsoft Entra Privileged Identity Management
- Microsoft Entra ID Protection
- Microsoft Entra Permissions Management
- the capabilities of Microsoft security solutions (35–40%)
- core infrastructure security services in Azure
- Azure distributed denial-of-service (DDoS) Protection
- Azure Firewall
- Web Application Firewall (WAF)
- network segmentation with Azure virtual networks
- network security groups (NSGs)
- Azure Bastion
- Azure Key Vault
- security management capabilities of Azure
- Microsoft Defender for Cloud
- Cloud Security Posture Management (CSPM)
- how security policies and initiatives improve the cloud security posture
- enhanced security features provided by cloud workload protection
- capabilities of Microsoft Sentinel
- security information and event management (SIEM) and security orchestration automated response (SOAR)
- threat detection and mitigation capabilities in Microsoft Sentinel
- threat protection with Microsoft Defender XDR
- Microsoft Defender XDR services
- Microsoft Defender for Office 365
- Microsoft Defender for Endpoint
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Identity
- Microsoft Defender Vulnerability Management
- Microsoft Defender Threat Intelligence (Defender TI)
- the Microsoft Defender portal
Describe the capabilities of Microsoft compliance solutions (20–25%)
- Microsoft Service Trust Portal and privacy principles
- the Service Trust Portal offerings
- the privacy principles of Microsoft
- Microsoft Priva
- compliance management capabilities of Microsoft Purview
- the Microsoft Purview compliance portal
- Compliance Manager
- the uses and benefits of compliance score
- information protection, data lifecycle management, and data governance capabilities of Microsoft Purview
- the data classification capabilities
- the benefits of Content explorer and Activity explorer
- sensitivity labels and sensitivity label policies
- data loss prevention (DLP)
- records management
- retention policies, retention labels, and retention label policies
- unified data governance solutions in Microsoft Purview
- insider risk, eDiscovery, and audit capabilities in Microsoft Purview
- insider risk management
- eDiscovery solutions in Microsoft Purview
- audit solutions in Microsoft Purview