Security, Compliance, and Identity for Microsoft (SCI) Fundamentals
This page covers the Security, Compliance, and Identity domain of the Microsoft (SCI) Fundamentals certification. Master Cybersecurity offers 62 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.
Sample Practice Questions
Question 1
Which two cards are available in the Microsoft 365 Defender portal? Each correct answer presents a complete solution.
- A. Devices at risk
- B. Compliance Score
- C. Service Health
- D. User Management
- E. Users at risk
Explanation
The correct answers are: A. Devices at risk, E. Users at risk.
In the Microsoft 365 Defender portal, the dashboard includes cards such as Devices at risk (A) and Users at risk (E), showing endpoints and identities that need attention. Compliance Score (B) is in the compliance (Purview) portal, not the Defender portal. Service Health (C) is in the Microsoft 365 admin center. User Management (D) is in the Entra (Azure AD) admin center. So the two cards available in the Microsoft 365 Defender portal from this list are Devices at risk (A) and Users at risk (E).
Question 2
What are customers responsible for when evaluating security in a software as a service (SaaS) cloud services model?
- A. operating systems
- B. network controls
- C. applications
- D. accounts and identities
Explanation
The correct answer is: D. accounts and identities.
In a Software as a Service model, the cloud provider manages the application, the platform it runs on, and all underlying infrastructure — operating systems, network controls, middleware, runtime, hardware, and the datacenter. The customer is responsible for accounts and identities (who has access, MFA, conditional access), the data they put into the service, and the devices users connect with. Operating systems, network controls, and applications are the provider's responsibility under SaaS. The customer's slice is identity, data, and end-user devices — and accounts and identities are the answer that captures that responsibility from this option set.
Question 3
Which statement represents a Microsoft privacy principle?
- A. Microsoft manages privacy settings for its customers.
- B. Microsoft respects the local privacy laws that are applicable to its customers.
- C. Microsoft uses hosted customer email and chat data for targeted advertising.
- D. Microsoft does not collect any customer data.
Explanation
The correct answer is: B. Microsoft respects the local privacy laws that are applicable to its customers.
A core Microsoft privacy principle is that Microsoft respects the local privacy laws that apply to its customers (e.g., GDPR, local data protection laws). Microsoft does not manage privacy settings for customers (A); customers control their settings. Microsoft does not use customer email/chat data for targeted advertising (C). Microsoft does collect some data for service operation and improvement (D is false). So the statement that represents a Microsoft privacy principle is B: Microsoft respects applicable local privacy laws.
Question 4
Which pillar of identity relates to tracking the resources accessed by a user?
- A. authorization
- B. auditing
- C. administration
- D. authentication
Explanation
The correct answer is: B. auditing.
The four pillars of identity are administration, authentication, authorization, and auditing. Auditing is the pillar that tracks the resources accessed by a user — sign-in logs, audit logs, and access logs that record who accessed what and when. Authorization decides what a user is allowed to access but does not, by itself, track ongoing usage. Administration covers managing identities, groups, and access. Authentication verifies who the user is at the moment of sign-in. Only auditing creates the durable record of resource access activity that organizations need for security investigations and compliance reporting.
Question 5
What can be created in Active Directory Domain Services (AD DS)?
- A. line-of-business (LOB) applications that require modern authentication
- B. computer accounts
- C. software as a service (SaaS) applications that require modern authentication
- D. mobile devices
Explanation
The correct answer is: B. computer accounts.
Active Directory Domain Services manages directory objects: user accounts, computer accounts, security and distribution groups, organizational units, and group policy objects. From this list, computer accounts are the AD DS object type — every domain-joined Windows machine has one, used to authenticate the device to the domain and apply machine policy. Line-of-business applications and SaaS applications are software, not directory objects; modern apps that need to authenticate against AD or Azure AD are registered as service principals rather than created in AD DS. Mobile devices are managed through Intune or Azure AD device registration, not via AD DS computer accounts.
Other Microsoft (SCI) Fundamentals domains
- Microsoft Compliance Solutions (52 questions)
- Microsoft Entra (75 questions)
- Microsoft Security Solutions (76 questions)