Microsoft Security Solutions for Microsoft (SCI) Fundamentals

This page covers the Microsoft Security Solutions domain of the Microsoft (SCI) Fundamentals certification. Master Cybersecurity offers 76 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.

Sample Practice Questions

  1. Question 1

    What can you use to view the Microsoft Secure Score for Devices?
    1. A. Microsoft Defender for Cloud Apps
    2. B. Microsoft Defender for Endpoint
    3. C. Microsoft Defender for Identity
    4. D. Microsoft Defender for Office 365
    Explanation

    The correct answer is: B. Microsoft Defender for Endpoint.

    Microsoft Secure Score for Devices is part of Microsoft Defender for Endpoint. It reflects the security posture of your endpoints (e.g., antivirus, attack surface reduction, EDR) and gives recommendations to improve it. Defender for Cloud Apps (A), Defender for Identity (C), and Defender for Office 365 (D) do not include --Secure Score for Devices--; that metric is in Defender for Endpoint (B). So the service that includes Microsoft Secure Score for Devices is Microsoft Defender for Endpoint (B).

  2. Question 2

    Which security feature is available in the free mode of Microsoft Defender for Cloud?
    1. A. threat protection alerts
    2. B. just-in-time (JIT) VM access to Azure virtual machines
    3. C. vulnerability scanning of virtual machines
    4. D. secure score
    Explanation

    The correct answer is: D. secure score.

    In the free mode of Microsoft Defender for Cloud, secure score is available. It is a measure of your security posture based on recommendations. Threat protection alerts (A), just-in-time (JIT) VM access (B), and vulnerability scanning of VMs (C) typically require enabling paid Defender for Cloud plans (e.g., Defender for Servers). The free tier includes continuous assessment, secure score, and security recommendations, so the security feature available in free mode from this list is secure score (D).

  3. Question 3

    What is the maximum number of resources that Azure DDoS Protection Standard can protect without additional costs?
    1. A. 50
    2. B. 100
    3. C. 500
    4. D. 1000
    Explanation

    The correct answer is: B. 100.

    Azure DDoS Protection Standard allows a set number of protected resources (e.g., public IPs) to be covered under the plan cost. Beyond that, additional resources may incur extra charges. The typical value cited for --included-- or default protected resources is 100 (e.g., 100 public IP addresses). So the maximum number of resources DDoS Protection Standard can protect without additional costs in the standard offering is 100 (B). (Exact included count can vary by offer; 100 is the commonly referenced figure.)

  4. Question 4

    Which Microsoft Defender for Cloud metric displays the overall security health of an Azure subscription?
    1. A. secure score
    2. B. resource health
    3. C. completed controls
    4. D. the status of recommendations
    Explanation

    The correct answer is: A. secure score.

    In Microsoft Defender for Cloud, secure score is the metric that displays the overall security health of an Azure subscription (or management group). It is derived from security recommendations and shows the percentage of recommended controls that are satisfied. Resource health (B) is about availability and health of individual resources. Completed controls (C) and status of recommendations (D) feed into secure score but are not the single --overall security health-- metric; that is secure score (A).

  5. Question 5

    You need to ensure repeatability when creating new resources in an Azure subscription. What should you use?
    1. A. Microsoft Sentinel
    2. B. Azure Policy
    3. C. Azure Batch
    4. D. Azure Blueprints
    Explanation

    The correct answer is: D. Azure Blueprints.

    To ensure repeatability when creating new resources (e.g., same policies, templates, and structure every time), you use Azure Blueprints. A blueprint packages ARM templates, Azure Policy assignments, and resource groups into a single definition that you can version and apply to subscriptions so each new environment is created the same way. Microsoft Sentinel (A) is for SIEM. Azure Policy (B) enforces rules but does not package full deployments. Azure Batch (C) is for batch computing. So for repeatable creation of new resources, you use Azure Blueprints (D).

Other Microsoft (SCI) Fundamentals domains

Practice all 76 Microsoft Security Solutions questions · Browse Microsoft (SCI) Fundamentals