Microsoft Certification

Microsoft SC-900 Practice Test

Prepare for the Microsoft Security, Compliance, and Identity Fundamentals exam with free practice tests built around the official SC-900 skills outline. Each test has 20 questions with a proportional timer matching the actual exam pace of approximately 54 seconds per question.

9Practice Tests
180Total Questions
4Domains Covered
100%Free Forever

Mixed Set — SC-900 Practice Tests

Questions distributed across all 4 domains according to the official SC-900 skills outline. The highest-weighted domain — Describe the capabilities of Microsoft security solutions (35–40%) — appears most frequently, just like the real exam.

01
SC-900 Practice Test 1
20 Qs · ~18 min
Start Test →
02
SC-900 Practice Test 2
20 Qs · ~18 min
Start Test →
03
SC-900 Practice Test 3
20 Qs · ~18 min
Start Test →
04
SC-900 Practice Test 4
20 Qs · ~18 min
Start Test →
05
SC-900 Practice Test 5
20 Qs · ~18 min
Start Test →

Domain Wise — SC-900 Mock Tests

Target each SC-900 domain with focused practice. Each mock test covers 20 questions from a single domain to help you build confident, conceptual mastery of every area tested on the Microsoft Security, Compliance, and Identity Fundamentals exam.

D1
Describe the Concepts of Security, Compliance, and Identity
Zero Trust model, shared responsibility model, defense in depth, encryption, data residency, data sovereignty, authentication vs. authorization, and core identity concepts
10–15% Exam Weight Start Test →
D2
Describe the Capabilities of Microsoft Entra
Microsoft Entra ID, authentication methods, Conditional Access, MFA, single sign-on (SSO), identity protection, Privileged Identity Management (PIM), and external identities
25–30% Exam Weight Start Test →
D3
Describe the Capabilities of Microsoft Security Solutions
Microsoft Defender XDR, Microsoft Sentinel, Defender for Cloud, Azure network security (NSGs, Azure Firewall, DDoS Protection), Microsoft Security Copilot, and security posture management
35–40% Exam Weight Start Test →
D4
Describe the Capabilities of Microsoft Compliance Solutions
Microsoft Purview compliance portal, information protection, data lifecycle management, insider risk management, eDiscovery, audit, and compliance management capabilities
15–20% Exam Weight Start Test →

About the SC-900 Certification Exam

Everything you need to know about the SC-900 exam format, who it is for, and what the Microsoft Certified: Security, Compliance, and Identity Fundamentals credential represents.

What Is the SC-900?

The SC-900: Microsoft Security, Compliance, and Identity Fundamentals exam leads to the Microsoft Certified: Security, Compliance, and Identity Fundamentals credential. It is Microsoft's entry-level certification for the security, compliance, and identity domain — designed for a broad audience that includes business stakeholders, students, IT professionals, functional consultants, and anyone who wants to build foundational literacy in how Microsoft secures its cloud platforms.

Unlike role-based Microsoft certifications, the SC-900 is entirely conceptual. It tests your understanding of the purpose and capabilities of Microsoft's security, identity, and compliance solutions — not your ability to configure them. This makes it an ideal starting point before pursuing more advanced credentials such as SC-200 (Security Operations Analyst), AZ-500 (Azure Security Engineer), or SC-300 (Identity and Access Administrator). The certification does not expire, so it remains valid for the lifetime of the holder once earned.

Exam Format (2026)

Exam code: SC-900: Microsoft Security, Compliance, and Identity Fundamentals.

Questions: 40 to 60 questions. Question types include multiple-choice, hotspot, drag-and-drop, and scenario-based single-answer items.

Duration: 45 minutes of actual exam time.

Question types: Multiple-choice, multiple-select, hotspot, drag-and-drop, and matching questions. No case studies or lab simulations.

Passing score: 700 on a scale of 1–1,000.

Exam fee: $99 USD via Pearson VUE (online or test center). Price varies by country.

Who Should Take This Exam?

Target audience: The SC-900 is intended for anyone who wants to demonstrate foundational knowledge of Microsoft security, compliance, and identity. There are no technical experience requirements.

Ideal candidates include: Business decision makers evaluating Microsoft security products, IT administrators new to the Microsoft security stack, students building toward a cybersecurity career, compliance and legal professionals working in Microsoft 365 environments, and IT professionals seeking a structured entry point before attempting role-based security certifications.

No expiry: As a fundamentals-level credential, the Microsoft Certified: Security, Compliance, and Identity Fundamentals certification does not expire and requires no annual renewal — a significant advantage over Microsoft's role-based and specialty certifications.

Preparation time: Most candidates need 1 to 2 weeks of study using the official Microsoft Learn learning path.

SC-900 Domain Weights — 2025–2026 Skills Outline

The SC-900 exam tests conceptual knowledge across four domains. Weights reflect the proportion of questions from each domain on the real exam, with Microsoft security solutions carrying the largest share at 35–40%.

DomainTopicWeight
Domain 1Describe the Concepts of Security, Compliance, and Identity10–15%
Domain 2Describe the Capabilities of Microsoft Entra25–30%
Domain 3Describe the Capabilities of Microsoft Security Solutions35–40%
Domain 4Describe the Capabilities of Microsoft Compliance Solutions15–20%

How Our Practice Tests Are Designed

Conceptual question style — The SC-900 is a knowledge-based exam that tests understanding of what Microsoft security, identity, and compliance products do and when to use them, not how to configure them. Our practice questions reflect this style: you might be asked to identify which Microsoft Entra feature enforces access controls based on sign-in risk, which Microsoft Purview capability manages data lifecycle, or what the Zero Trust model's core principles are. No technical implementation or command-line knowledge is tested.

Blueprint-aligned mixed sets — Mixed practice tests distribute questions proportionally across all 4 domains per the official SC-900 skills outline. Microsoft security solutions (35–40%) receives the most questions, followed by Microsoft Entra capabilities (25–30%), Microsoft compliance solutions (15–20%), and security, compliance, and identity concepts (10–15%) — matching the real exam distribution.

Proportional timer — The SC-900 exam allows 45 minutes for up to 60 questions, approximately 54 seconds per question. Each 20-question practice test is timed at about 18 minutes to build the quick, confident decision-making the real exam pace demands.

Domain-specific deep dives — Use domain-wise tests to concentrate on individual areas of the exam. The Microsoft Entra capabilities domain (25–30%) and Microsoft security solutions domain (35–40%) together account for over 60% of the exam — making them the highest-priority areas for focused practice before exam day.

SC-900 Exam Preparation Tips

Study Strategy

Use the Microsoft Learn learning path as your primary resource: Microsoft publishes a free, official learning path on Microsoft Learn that covers every SC-900 objective in structured modules. This is the single most aligned resource for this exam and should be the foundation of your preparation before using practice tests or other materials.

Group products by function: The most common challenge on the SC-900 is keeping Microsoft's many security and compliance product names straight. Use a simple mental model: Microsoft Entra is about identity (who you are and what you can access), Microsoft Defender is about threat protection (detecting and responding to attacks), Microsoft Sentinel is about SIEM and SOAR (monitoring and automated response), and Microsoft Purview is about compliance (protecting and governing data).

Focus on the security solutions domain: At 35–40% of the exam, the Microsoft security solutions domain is the single largest contributor to your score. Ensure you can describe the purpose and key capabilities of Microsoft Defender XDR, Defender for Cloud, Microsoft Sentinel, Azure network security services (NSGs, Azure Firewall, DDoS Protection), and Microsoft Security Copilot.

Test-Taking Strategy

Read each question for the key descriptor word: SC-900 questions frequently use specific terms that point directly to the correct answer. Words like "identity protection," "conditional access," "insider risk," "eDiscovery," and "information barriers" each map to a specific Microsoft product or feature. Training yourself to recognize these terms during practice makes the real exam significantly faster.

Eliminate by function, not by name: Microsoft frequently renames and reorganizes its products. When unsure about a product name, think about the function it performs. If a question asks about detecting threats across endpoints, email, and identities in a unified portal, the answer is Microsoft Defender XDR — regardless of how the product is branded in any given question.

Pace at under one minute per question: With 45 minutes and up to 60 questions, you have less than a minute per question. Unlike longer Microsoft exams, there is very little time to deliberate. Use the 18-minute timed format of our practice tests to build the speed and decisiveness the real exam requires — especially important because the SC-900 does not allow you to return to flagged questions on some delivery platforms.

Frequently Asked Questions

How many questions are on the SC-900 exam?+
The SC-900 exam contains 40 to 60 questions. Microsoft does not publish the exact count per attempt. Question types include multiple-choice, multiple-select, hotspot, drag-and-drop, and matching items. There are no case study scenarios or hands-on lab simulations on this fundamentals-level exam.
What is the passing score for the SC-900?+
You need a score of 700 or higher on a scale of 1 to 1,000 to pass. Microsoft uses a scaled scoring model, so performance on individual questions is weighted according to difficulty. There is no per-domain minimum — your total score across all four domains determines whether you pass.
How long should I study for the SC-900?+
Most candidates prepare in 1 to 2 weeks. Those already familiar with Microsoft 365 or Azure may be ready in a few days of focused study. Completing the official Microsoft Learn SC-900 learning path — which consists of four free learning paths aligned to each exam domain — is the most direct and efficient preparation approach available.
Are these practice tests completely free?+
Yes. All SC-900 practice tests on Security Practice Test are entirely free with no account creation or registration required. Select any test and start practicing immediately.
Does the SC-900 certification expire?+
No. Unlike Microsoft's role-based and specialty certifications, which expire annually and require free renewal assessments, the Microsoft Certified: Security, Compliance, and Identity Fundamentals certification earned through the SC-900 does not expire. Once earned, it remains valid permanently with no renewal required.
How are mixed set questions distributed across domains?+
Mixed practice tests follow the official SC-900 skills outline proportions: Describe the capabilities of Microsoft security solutions (35–40%) receives the most questions, followed by Describe the capabilities of Microsoft Entra (25–30%), Describe the capabilities of Microsoft compliance solutions (15–20%), and Describe the concepts of security, compliance, and identity (10–15%). This mirrors the real exam distribution.
Do I need any prior experience or certifications to take the SC-900?+
No prior experience, certifications, or technical background is required. The SC-900 is designed for a broad audience including business professionals, students, and non-technical staff. You should have a general familiarity with Microsoft Azure and Microsoft 365 at a conceptual level, but no hands-on experience with any product is expected or tested.
What certifications can I pursue after the SC-900?+
The SC-900 is an excellent gateway to Microsoft's role-based security certifications. Common next steps include SC-200 (Microsoft Security Operations Analyst Associate) for SOC and threat detection roles, AZ-500 (Microsoft Azure Security Engineer Associate) for cloud security engineering, SC-300 (Microsoft Identity and Access Administrator Associate) for identity-focused roles, and SC-400 (Microsoft Information Protection and Compliance Administrator) for compliance roles.

Ready to Start Your Microsoft Security Journey?

Begin with a mixed set to benchmark your knowledge across all 4 SC-900 domains, then use domain-specific tests to sharpen the areas where you need the most practice.

Start SC-900 Practice Test 1 →

Authors

  • Security Practice Test Editorial Team
    : Author

    Security Practice Test Editorial Team is the expert content team at SecurityPracticeTest.com dedicated to producing authoritative cybersecurity certification exam-prep resources. We create comprehensive practice tests, study materials, and exam-focused content for top security certifications including CompTIA Security+, SecurityX, PenTest+, CISSP, CCSP, SSCP, Certified in Cybersecurity (CC), CGRC, CISM, SC-900, SC-200, AZ-500, AWS Certified Security - Specialty, Professional Cloud Security Engineer, OSCP+, GIAC certifications, CREST certifications, Check Point, Cisco, Fortinet, and Palo Alto Networks exams. Our content is developed through careful review of official exam objectives, cybersecurity knowledge domains, and practical job-relevant concepts to help learners build confidence, strengthen understanding, and prepare effectively for certification success.
  • Sudhanshu Thakur - Reviewer
    : Reviewer

    Enterprise Technology and Digital Transformation Professional with 18+ years of experience in enterprise software, SaaS, industrial automation, and business consulting. Formerly associated with Rockwell Automation, Tech Mahindra, Emerson, ABB, L&T Infotech, and Hewlett Packard Enterprise.