
Microsoft SC-900 Cheat Sheet

SCI Concepts

10-15% of exam

Shared Responsibility, Zero Trust, GRC, AuthN vs AuthZ, Encryption

Microsoft Entra

25-30% of exam

Entra ID, Authentication, Access Management, Identity Governance, Identity Picker

Microsoft Security

35-40% of exam

Azure Security, Defender for Cloud, Sentinel, Defender XDR, Security Picker

Microsoft Compliance

20-25% of exam

Service Trust, Purview, Priva, DLP, Compliance Picker

Quick Facts

Exam: SC-900
Credential: Microsoft Certified: Security, Compliance, and Identity Fundamentals
Time: 45 min
Pass: 700/1000
Level: Beginner
Provider: Pearson VUE
Blueprint: Nov 7 2025
Skill tested: Match a scenario to the right capability

Zero Trust

Three principles: verify explicitly, use least privilege, assume breach

AuthN vs AuthZ

AuthN

  • Proves identity (who you are)
  • Happens before access
  • Passwords, MFA, certificates

AuthZ

  • Grants actions (what you may do)
  • Happens after authentication
  • Roles, permissions, scopes

Who you are vs what you can do

Security Concepts

Shared responsibility: Provider plus customer; the split shifts with IaaS, PaaS, SaaS
Defense in depth: Layered controls
Zero Trust: Never trust automatically
Least privilege: Minimum required access
Assume breach: Limit blast radius
GRC: Governance, risk, compliance
CIA: Confidentiality, integrity, availability
Perimeter: Identity is the new perimeter

Hashing vs Encryption

Hashing

  • One-way
  • Fixed-length digest
  • Integrity proof

Encryption

  • Reversible
  • Key required
  • Confidentiality protection

Verify vs hide
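The "verify vs hide" split is easiest to see by running both operations on the same bytes. The block below is an added example, not code from the cheat sheet or from Microsoft: SHA-256 for the one-way digest and integrity check, and a small reversible cipher built from HMAC-SHA256 in counter mode with an encrypt-then-MAC tag. The cipher is a teaching construction chosen so the example runs on the Python standard library alone; in a real system use a vetted AEAD such as AES-GCM. The sample message and key are constructed here.

```python
"""Hashing vs encryption (added example, stdlib only).

Hash  : one-way, fixed-length digest -> integrity check (verify).
Cipher: reversible with the key     -> confidentiality (hide).
The cipher is HMAC-SHA256 run in counter mode as a keystream plus an
encrypt-then-MAC tag. Teaching construction only, not a replacement for AES-GCM.
"""
import hashlib
import hmac
import os


def digest(data: bytes) -> str:
    """SHA-256: same input -> same digest; any change -> a different digest."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_digest: str) -> bool:
    """Verify data against a stored digest; constant-time compare."""
    return hmac.compare_digest(digest(data), expected_digest)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: HMAC(key, nonce || counter) blocks, concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. Fresh nonce per call, so the same
    plaintext never produces the same blob twice (unlike a hash)."""
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag first (integrity), then undo the XOR (confidentiality).
    Raises ValueError when the key is wrong or the blob was modified."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


if __name__ == "__main__":
    msg = b"payroll export 2025-Q4"          # constructed sample data
    d = digest(msg)
    print("digest:", d, "hex length:", len(d))   # 64 hex chars whatever the input size
    print("tamper detected:", not integrity_ok(msg + b"!", d))

    key = os.urandom(32)                     # constructed sample key
    blob = encrypt(key, msg)
    print("round trip ok:", decrypt(key, blob) == msg)
    try:
        decrypt(os.urandom(32), blob)        # another key: rejected, nothing leaks
    except ValueError as err:
        print("other key:", err)
```

Two details worth noticing when you run it: the digest length never changes with the input, and the ciphertext changes on every call because of the random nonce, so a ciphertext cannot double as an integrity reference the way a digest can.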

Crypto + Identity

Encryption: Reversible with the key
Hashing: One-way digest
At rest: Stored data
In transit: Moving data
In use: Data being processed
Authentication: Proves identity
Authorization: Grants actions
Federation: Trust an external identity provider for sign-in

Entra Flow

Identity -> AuthN -> CA -> AuthZ

Identity: who; AuthN: prove; CA (Conditional Access): decide; AuthZ: allow

Entra Roles vs RBAC

Entra roles

  • Directory actions
  • Users, groups, apps
  • Tenant scope

Azure RBAC

  • Resource actions
  • Management groups, subscriptions, resource groups, resources
  • Azure resource scope

Directory vs resources

Identity Picker

  1. Need cloud identity -> Entra ID
  2. Require extra proof -> MFA
  3. Forget passwords -> SSPR
  4. Context-based access -> Conditional Access
  5. Temporary admin -> PIM
  6. Review access -> Access reviews
  7. Detect identity risk -> ID Protection
  8. Package access -> Entitlement management

Entra Basics

Entra ID: Cloud identity service
Tenant: Dedicated directory instance for one organization
User: Human identity
Group: Collection of identities
Device: Managed endpoint identity
Service principal: App identity in a tenant
Managed identity: Entra identity for an Azure resource, credentials handled by the platform
Hybrid identity: Cloud plus on-prem AD, synced into Entra ID

Conditional Access vs PIM

Conditional Access

  • Conditions on access
  • Signals in, decision out
  • Grant, block, or require (e.g., MFA, compliant device)

PIM

  • Privileged roles
  • Just-in-time activation
  • Approval-gated, time-bound

Access gate vs admin elevation

Authentication

MFA: Extra verification factor
Passwordless: Sign in without a password
FIDO2: Hardware security key
Authenticator: Push approval or phone sign-in
SSPR: Self-service password reset
Password Protection: Block weak and banned passwords
Smart lockout: Brute-force defense
SSO: One sign-in for many apps

Access + Governance

Conditional Access: Signal-based access policy
Entra roles: Directory permissions
Azure RBAC: Resource permissions
PIM: Just-in-time admin
Access reviews: Periodic access checks
Entitlement management: Access packages
ID Protection: Risk detection and remediation
Lifecycle workflows: Joiner, mover, leaver automation

Defender Map

Cloud, endpoint, email, apps, identity

Cloud: posture; Endpoint: devices; Office 365: email and collaboration; Cloud Apps: SaaS; Identity: on-prem AD

Defender Cloud vs Sentinel

Defender Cloud

  • Cloud posture
  • Workload protection
  • Recommendations

Sentinel

  • SIEM + SOAR
  • Cross-source detection
  • Playbooks

Posture vs operations

Security Picker

  1. Cloud posture -> Defender for Cloud
  2. Security score -> Defender for Cloud
  3. SIEM needed -> Sentinel
  4. Automate response -> Sentinel playbooks
  5. Endpoint threats -> Defender for Endpoint
  6. Email attacks -> Defender for Office 365
  7. SaaS discovery -> Defender for Cloud Apps
  8. On-prem AD attacks -> Defender for Identity

Azure Security

DDoS Protection: Volumetric attack defense
Azure Firewall: Network traffic filtering
WAF: Web app protection
VNet: Network segmentation
NSG: Allow/deny rules on subnets and NICs
Bastion: RDP/SSH to VMs without public IPs
Key Vault: Secrets, keys, certificates
Private Link: Private access to services over the VNet

Firewall vs WAF

Azure Firewall

  • Network traffic
  • Layers 3-7, including FQDN rules
  • Central filtering hub

WAF

  • HTTP/HTTPS apps
  • OWASP core rule set
  • Web exploits (SQLi, XSS)

Network vs web

Defender for Cloud

Defender for Cloud: Cloud security posture and workload protection
CSPM: Posture management
CWPP: Workload protection
Secure score: Posture metric
Recommendations: Hardening actions
Security policy: Govern standards
Regulatory compliance: Framework mapping
Workload alerts: Threat notifications

Microsoft Sentinel

Sentinel: Cloud-native SIEM + SOAR
SIEM: Collect, correlate, detect
SOAR: Automate response
Connectors: Data ingestion
Analytics rules: Detect threats (KQL queries over ingested data)
Incidents: Grouped alerts
Workbooks: Visual investigation
Playbooks: Automated actions (Logic Apps)
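Analytics rules are where a SIEM turns collected sign-in telemetry into alerts. The block below is an added example, not code from the cheat sheet or from Microsoft, and it is plain Python rather than a KQL rule: it runs two correlations over a constructed set of sign-in events, one per account (the brute force that smart lockout answers) and one per source IP across accounts (a password spray, which per-account lockout misses and only cross-account correlation catches). The field names `ts`, `user`, `ip`, `result` and both thresholds are assumptions.

```python
"""Correlate failed sign-ins the way a SIEM analytics rule would (added example).

Two patterns over the same events:
  * brute force  : many failures against ONE account (per-user threshold)
  * password spray: a few failures against MANY accounts from ONE source IP
Per-account smart lockout catches the first; grouping by source IP is what
catches the second. A real rule would be KQL over the SigninLogs table.
"""
import json
from collections import defaultdict

# Constructed sample events (not real telemetry). One JSON object per line.
SAMPLE_LOG = """
{"ts": "2025-11-07T08:00:01Z", "user": "alice", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2025-11-07T08:00:02Z", "user": "bob",   "ip": "203.0.113.7", "result": "failure"}
{"ts": "2025-11-07T08:00:03Z", "user": "carol", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2025-11-07T08:00:04Z", "user": "dave",  "ip": "203.0.113.7", "result": "failure"}
{"ts": "2025-11-07T08:00:05Z", "user": "erin",  "ip": "203.0.113.7", "result": "failure"}
{"ts": "2025-11-07T08:00:06Z", "user": "frank", "ip": "203.0.113.7", "result": "success"}
{"ts": "2025-11-07T08:01:00Z", "user": "admin", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2025-11-07T08:01:01Z", "user": "admin", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2025-11-07T08:01:02Z", "user": "admin", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2025-11-07T08:01:03Z", "user": "admin", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2025-11-07T08:01:04Z", "user": "admin", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2025-11-07T08:02:00Z", "user": "alice", "ip": "192.0.2.44",   "result": "success"}
"""


def parse_events(raw: str) -> list[dict]:
    """Connector stage: raw lines -> records, skipping blank or unparseable lines."""
    events = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a production connector would count and surface parse errors
    return events


def detect(events: list[dict], user_threshold: int = 5, spray_threshold: int = 5) -> list[dict]:
    """Analytics-rule stage: return one alert per entity that crosses a threshold.
    Successes are ignored; only failures feed the counters."""
    failures_per_user = defaultdict(int)
    users_per_ip = defaultdict(set)
    for e in events:
        if e.get("result") != "failure":
            continue
        failures_per_user[e["user"]] += 1
        users_per_ip[e["ip"]].add(e["user"])

    alerts = []
    for user, n in failures_per_user.items():           # one account hammered
        if n >= user_threshold:
            alerts.append({"rule": "brute_force", "entity": user, "count": n})
    for ip, users in users_per_ip.items():              # one IP touching many accounts
        if len(users) >= spray_threshold:
            alerts.append({"rule": "password_spray", "entity": ip, "count": len(users)})
    return alerts


def run() -> list[dict]:
    """Pipeline over the constructed sample: ingest, then detect."""
    return detect(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The spray source 203.0.113.7 never trips a per-user counter (each account sees a single failure), which is exactly the case the "cross-source detection" line in the table is about; the SIEM groups both alerts into one incident for the analyst.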

Defender XDR

Defender XDR: Unified detection and response
Defender portal: Security operations hub
Endpoint: Device protection
Office 365: Email and collaboration protection
Cloud Apps: SaaS app protection
Identity: On-prem AD signal protection
Vulnerability Mgmt: Exposure discovery
Defender TI: Threat intelligence

Purview Map

Classify, protect, retain, investigate

Labels classify; DLP protects; Retention keeps; eDiscovery investigates

DLP vs Retention

DLP

  • Prevent sharing
  • Sensitive data
  • Policy tips

Retention

  • Keep or delete
  • Lifecycle rules
  • Records support

Leakage vs lifecycle

Compliance Picker

  1. Need audit reports -> Service Trust Portal
  2. Track compliance tasks -> Compliance Manager
  3. Classify documents -> Sensitivity labels
  4. Stop leakage -> DLP
  5. Keep content -> Retention policy
  6. Declare records -> Records management
  7. Legal investigation -> eDiscovery
  8. Privacy requests -> Priva

Trust + Privacy

Service Trust Portal: Audit and compliance reports
Compliance offerings: Certifications and attestations
Trust documents: Independent audit evidence
Privacy principles: Control and transparency
Priva: Privacy risk management
Subject rights requests: Data request handling
Data minimization: Reduce personal data
Privacy assessment: Risk discovery

Content vs Activity Explorer

Content explorer

  • Inspect items
  • Sensitive content
  • Label visibility

Activity explorer

  • Inspect actions
  • User activity
  • Label events

Data vs behavior

Purview Governance

Purview portal: Compliance management hub
Compliance Manager: Assessment workflow
Compliance score: Improvement measure
Data classification: Find sensitive data
Content explorer: Inspect labeled data
Activity explorer: Inspect user activity
Data map: Govern the data estate
Catalog: Discover data assets

Purview Protection

Sensitivity labels: Classify and protect
Label policies: Publish labels to users
DLP: Prevent data leakage
Retention policies: Keep or delete at scale
Retention labels: Item-level retention
Records management: Declare records
Insider risk: Risky user detection
eDiscovery: Legal evidence search
Audit: Activity log review

Common Traps

Identity vs permission: Entra ID signs you in; RBAC grants actions
Hash vs encrypt: A hash cannot be reversed; encryption can, with the key
Role scope trap: Entra roles control the directory; Azure RBAC controls resources
Posture vs SIEM: Defender for Cloud hardens; Sentinel detects broadly
WAF vs firewall: WAF protects HTTP apps; Firewall filters network traffic
DLP vs labels: Labels classify content; DLP blocks movement
Retention vs records: Retention keeps or deletes; records management declares items as records
Trust vs compliance: Service Trust Portal shows reports; Compliance Manager tracks tasks

Last Minute

  1. Weights: 10-15 / 25-30 / 35-40 / 20-25
  2. AuthN proves; AuthZ permits
  3. Zero Trust: verify explicitly, least privilege, assume breach
  4. Hash = one-way digest
  5. Encryption = reversible with key
  6. Entra ID = cloud identity
  7. CA = signal-based access
  8. PIM = temporary privileged roles
  9. Defender for Cloud = posture
  10. Sentinel = SIEM plus SOAR
  11. Purview = compliance governance
  12. Priva = privacy risk