Free Practice Tests

Microsoft Security Certification
Practice Tests

Free, exam-aligned practice tests for Microsoft SC-900, SC-200, and AZ-500. Every test mirrors the real exam pace, domain weights, and question style — no sign-up required.

3 Exams Covered

26 Practice Tests

520 Free Questions

100% Free Forever

⚠ AZ-500 Retirement Notice

Microsoft has announced that the AZ-500 exam and the Microsoft Certified: Azure Security Engineer Associate certification will retire on August 31, 2026. If you are planning to sit for AZ-500, schedule your exam well before that date. Credentials earned before retirement remain valid through their annual renewal cycle.

Choose Your Microsoft Security Exam

Select the certification you are preparing for and start practicing with free timed tests aligned to the official Microsoft skills outlines.

SC-900

SC-900 Practice Test — Security, Compliance & Identity Fundamentals

Microsoft's entry-level security certification — no experience required, no expiry. 5 mixed-set tests + 4 domain-wise tests. Each test is 20 questions timed at ~18 minutes, matching the real exam pace of ~54 seconds per question.

9 Tests · 180 Qs · 4 Domains · $99 Start Practice Test →

SC-200

SC-200 Practice Test — Security Operations Analyst Associate

Role-based certification for SOC analysts using Microsoft Sentinel, Defender XDR, and Defender for Endpoint. Updated April 2026. 5 mixed-set tests + 3 domain-wise tests. Each test is 20 questions timed at ~54 minutes, matching the real exam pace of ~2.7 minutes per question.

8 Tests · 160 Qs · 3 Domains · $165 Start Practice Test →

AZ-500

AZ-500 Practice Test — Azure Security Engineer Associate

Hands-on certification for Azure security engineers covering identity, networking, compute, storage, and security operations. Retires August 31, 2026. 5 mixed-set tests + 4 domain-wise tests. Each test is 20 questions timed at ~50 minutes.

9 Tests · 180 Qs · 4 Domains · $165 Start Practice Test →

Microsoft Security Certifications Compared

A quick reference covering exam format, difficulty, and key details for SC-900, SC-200, and AZ-500.

Exam	Credential	Level	Questions	Duration	Passing Score	Fee (USD)	Expires?
SC-900	Security, Compliance & Identity Fundamentals	Fundamentals	40–60	45 min	700 / 1,000	$99	No (permanent)
SC-200	Security Operations Analyst Associate	Associate	40–60	150 min	700 / 1,000	$165	Annual renewal
AZ-500	Azure Security Engineer Associate	Associate	40–60	150 min	700 / 1,000	$165	Retires Aug 31, 2026

Exam Domain Weights — All Three Microsoft Exams

Our domain-wise tests are mapped directly to these official weights so your practice reflects the real exam distribution.

SC-900 — 4 Domains (40–60 questions, 45 min)

Describe Concepts of Security, Compliance & Identity (10–15%) | Describe Capabilities of Microsoft Entra (25–30%) | Describe Capabilities of Microsoft Security Solutions (35–40%) | Describe Capabilities of Microsoft Compliance Solutions (15–20%)

SC-200 — 3 Domains (40–60 questions, 150 min) — Updated April 2026

Manage a Security Operations Environment (40–45%) | Respond to Security Incidents (35–40%) | Perform Threat Hunting (20–25%)

AZ-500 — 4 Domains (40–60 questions, 150 min) — Retires August 31, 2026

Secure Identity and Access (15–20%) | Secure Networking (20–25%) | Secure Compute, Storage, and Databases (20–25%) | Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel (30–35%)

Which Microsoft Security Exam Should You Take?

The three exams serve very different audiences and career paths — here is how to choose.

Microsoft Security Certification Pathway

Start with SC-900 if you are new to Microsoft security and want foundational literacy across Microsoft Entra, Defender, Sentinel, and Purview. No prerequisites, no expiry, $99 exam fee. Ideal for career changers, business stakeholders, and anyone building toward SC-200 or AZ-500.

Choose SC-200 if you work in a SOC or security operations role using Microsoft Sentinel, Defender XDR, and Defender for Endpoint. It is the primary certification for detection engineers, threat hunters, and incident responders in Microsoft environments. Updated April 2026.

Choose AZ-500 if you are an Azure administrator or cloud security engineer responsible for securing Azure infrastructure — identity, networking, compute, storage, and Defender for Cloud. Note: this exam retires August 31, 2026.

SC-200 vs AZ-500 — Key Difference

SC-200 and AZ-500 are both associate-level Microsoft security certifications, but they serve different roles. SC-200 is a SOC-focused certification — it validates your ability to detect threats, investigate incidents, hunt for attackers, and automate responses using Microsoft security tools. AZ-500 is an infrastructure-focused certification — it validates your ability to secure Azure resources at the platform level through identity controls, network policies, compute hardening, and security posture management.

In practice: SC-200 is for blue teamers and SOC analysts. AZ-500 is for cloud security engineers and Azure administrators with a security specialization. Many professionals in Azure-heavy organizations benefit from holding both, as the skills complement each other directly.

Frequently Asked Questions

Common questions about Microsoft security certifications and these free practice tests.

Does the SC-900 certification expire?

No. Unlike Microsoft's role-based and specialty certifications, the SC-900 leads to the Microsoft Certified: Security, Compliance, and Identity Fundamentals credential, which does not expire. Once earned, it remains valid permanently with no annual renewal required. This makes it one of the few Microsoft certifications that does not require ongoing maintenance.

Is the AZ-500 being retired? What should I do?

Yes. Microsoft has announced that the AZ-500 exam and the Microsoft Certified: Azure Security Engineer Associate certification will retire on August 31, 2026. If you are currently studying for AZ-500, schedule your exam as soon as possible to ensure you sit before the retirement date. Credentials earned before retirement remain valid through their annual renewal cycle. Microsoft has not yet announced a direct replacement exam — check learn.microsoft.com for any successor certification announcements.

How many free practice tests are available for each Microsoft exam?

SC-900: 9 tests (5 mixed-set + 4 domain-wise), 180 questions, ~18 minutes per test. SC-200: 8 tests (5 mixed-set + 3 domain-wise), 160 questions, ~54 minutes per test. AZ-500: 9 tests (5 mixed-set + 4 domain-wise), 180 questions, ~50 minutes per test. All tests are completely free — no login or subscription required.

What changed in the SC-200 April 2026 update?

The April 16, 2026 update to the SC-200 skills outline restructured domain weights and revised several objectives. The Manage a Security Operations Environment domain was reorganized around four functional groups: automation configuration, Sentinel platform configuration, data ingestion, and detection configuration. New objectives were added covering agentic AI investigation using embedded Copilot for Security, Sentinel MCP Server connections in hunting notebooks, and KQL jobs in Data Lake. The previous "Manage assets and environments" skill group was removed. These practice tests reflect the current April 2026 skills outline.

Do I need prior certifications to take SC-200 or AZ-500?

No mandatory prerequisites exist for either exam. However, both are role-based associate-level certifications that assume working experience with Microsoft security tools. For SC-200, familiarity with Microsoft Sentinel, Defender XDR, and Microsoft 365 security services is expected. For AZ-500, practical Azure experience — ideally at the AZ-104 level — is assumed. The SC-900 is a useful conceptual foundation for both exams if you are newer to the Microsoft security ecosystem.

How do Microsoft's role-based certifications renew each year?

SC-200 and AZ-500 are role-based certifications that expire annually. Microsoft offers a free renewal path — you take a shorter online renewal assessment on Microsoft Learn before your certification's expiration date. No additional exam fee is required. The renewal assessment covers updated objectives and typically takes 30 to 45 minutes. If you miss the renewal window, you must retake and pass the full exam again at the standard $165 fee.

Start Practicing for Free — Right Now

No account. No payment. Pick your Microsoft exam and begin immediately.

SC-900 Tests → SC-200 Tests → AZ-500 Tests →

Authors

Security Practice Test Editorial Team: Author

Security Practice Test Editorial Team is the expert content team at SecurityPracticeTest.com dedicated to producing authoritative cybersecurity certification exam-prep resources. We create comprehensive practice tests, study materials, and exam-focused content for top security certifications including CompTIA Security+, SecurityX, PenTest+, CISSP, CCSP, SSCP, Certified in Cybersecurity (CC), CGRC, CISM, SC-900, SC-200, AZ-500, AWS Certified Security - Specialty, Professional Cloud Security Engineer, OSCP+, GIAC certifications, CREST certifications, Check Point, Cisco, Fortinet, and Palo Alto Networks exams. Our content is developed through careful review of official exam objectives, cybersecurity knowledge domains, and practical job-relevant concepts to help learners build confidence, strengthen understanding, and prepare effectively for certification success.

Sudhanshu Thakur: Reviewer

Enterprise Technology and Digital Transformation Professional with 18+ years of experience in enterprise software, SaaS, industrial automation, and business consulting. Formerly associated with Rockwell Automation, Tech Mahindra, Emerson, ABB, L&T Infotech, and Hewlett Packard Enterprise.

Microsoft Security CertificationPractice Tests