All SC-900 Test Inside Microsoft Questions

In Microsoft’s SCI learning content, the core objective of protecting information is framed by the CIA triad. Microsoft explains that “confidentiality, integrity, and availability are foundational security principles.” Within this model, integrity is described as the assurance that information remains trustworthy and unchanged from its intended state. The SCI materials state that integrity means “preventing unauthorized modification and ensuring the accuracy and completeness of data.” When a requirement says, “ensuring that the data you retrieve is the same as the data you stored,” it directly maps to this integrity principle—verifying that data hasn’t been altered, corrupted, or tampered with during storage or transmission.

Microsoft’s guidance further highlights that integrity is supported by controls that “detect or prevent unauthorized changes,” including cryptographic hashes, checksums, and digital signatures that can “provide proof that content hasn’t been modified.” By contrast, confidentiality focuses on restricting access (for example, through least privilege and encryption), and availability focuses on “reliable and timely access to information and systems.” Because the scenario emphasizes that the retrieved data is identical to the stored data, it is not about access or uptime but about preserving correctness and detecting alteration—which is precisely the integrity objective in Microsoft’s Security, Compliance, and Identity guidance.

In Microsoft’s Security, Compliance, and Identity guidance, Azure AD Privileged Identity Management (PIM) is the service used to manage, control, and monitor access to important resources in Azure and Microsoft 365. The documentation explains that PIM enables “just-in-time” and “time-bound” activation of privileged roles, requiring users to elevate only when needed and for a limited duration. PIM policies can require approval before a role is activated, enforce multifactor authentication, capture business justification, send notifications, and maintain detailed auditing and access review records. These controls are designed to reduce the risk associated with standing administrative privileges by ensuring that elevation is temporary, approved, and tracked.

By contrast, Windows Hello for Business provides strong, device-bound authentication; Azure AD Identity Protection focuses on detecting and remediating risky sign-ins and users; and Azure AD Access Reviews periodically reattest existing assignments but do not provide the on-demand, approval-based, time-limited activation of roles. Therefore, when the requirement is approval-based, time-bound role activation, Microsoft’s prescribed capability is Azure AD PIM, which delivers just-in-time elevation with approvers, duration limits, and audit/logging to support least privilege and Zero Trust operational practices.

In Microsoft’s Security, Compliance, and Identity guidance, encryption is described as the control that “converts data into a form that cannot be understood by anyone who does not possess the appropriate decryption key.” In the Microsoft Purview Information Protection (sensitivity labels with encryption) documentation, Microsoft explains that when encryption is applied to a file, “only authorized users and services that present the correct keys and usage rights can open and use the content,” and that access is enforced even if the file is moved outside the organization. Azure Rights Management (part of Microsoft Purview) further states that encryption “protects data at rest and in transit by using keys so that only permitted identities can decrypt and use the information.”

This aligns precisely with the sentence: encrypting a file makes the data readable and usable to viewers that have the appropriate key (and unreadable to those who do not). By contrast, archiving organizes or preserves data for long-term storage; compressing reduces file size without controlling access; and deduplicating removes redundant copies to save space. None of these provide the key-based, identity-bound access control described in Microsoft SCI materials. Therefore, the correct completion is Encrypting.

Endpoint data loss prevention (Endpoint DLP), a feature in Microsoft Purview, supports Windows 10 and 11 and now also supports macOS for core DLP capabilities. It allows organizations to monitor and restrict actions like copying sensitive files to USBs, printing, or uploading to unapproved cloud services.

SCI Extract: "Endpoint DLP extends Microsoft Purview Data Loss Prevention to Windows 10, Windows 11, and macOS devices, allowing for monitoring and control of sensitive data usage at the endpoint."

Other platforms like Linux, iOS, and Android are not currently supported for Endpoint DLP