Microsoft Security, Compliance, and Identity Fundamentals
175 practice questions
Last reviewed: April 2026
Microsoft Security, Compliance, and Identity Fundamentals (SC-900) is a foundational credential that validates conceptual understanding of Microsoft's security, compliance, and identity (SCI) portfolio across Microsoft 365 and Azure. It is aimed at business stakeholders, IT generalists, sales and partner staff, compliance leads, and anyone new to security who needs a shared vocabulary for Microsoft Entra, Microsoft Defender, Microsoft Sentinel, Microsoft Purview, and Intune. The exam is conceptual rather than hands-on: expect to recognize service capabilities, identify which product addresses a given scenario (Zero Trust, DLP, conditional access, insider risk), and explain core principles of identity, encryption, and shared responsibility in plain language.
Foundational vocabulary: Zero Trust, defense in depth, the shared responsibility model, encryption and hashing basics, and the four identity pillars (administration, authentication, authorization, auditing). Lowest weight (12%) but the conceptual scaffolding the rest of the exam builds on.
Microsoft Entra ID (formerly Azure AD), external identities (B2B/B2C), conditional access, multifactor authentication, passwordless, Identity Protection, Privileged Identity Management, and Entra Permissions Management / Verified ID. About 28% of the exam — second-largest domain.
Largest domain (38%). Covers Microsoft Sentinel (cloud-native SIEM/SOAR), the Microsoft Defender XDR family (Defender for Endpoint, Office 365, Identity, Cloud Apps), Defender for Cloud, Azure network security (NSGs, Azure Firewall, DDoS Protection), and Azure Bastion. Expect scenario questions that ask which product fits which threat.
Microsoft Purview (compliance portal, information protection, DLP, insider risk management, eDiscovery, audit), Service Trust Portal, Compliance Manager, and resource governance via Azure Policy and Microsoft Purview Data Governance. About 22% of the exam.
$65k–$92k–$130k USD annual
SC-900 is foundational and rarely the deciding factor in compensation — these ranges reflect early-career security and identity-adjacent roles in the US where SC-900 is one of several signals on the resume. Senior security roles (where SC-200, SC-100, AZ-500, or CISSP are expected) trend significantly higher.
Source: U.S. BLS OEWS May 2024 (15-1212 information security analysts, median ~$120k; 15-1232 computer user support, median ~$60k), levels.fyi 2025–2026 security and IT support roles. Figures are approximate; actual compensation depends on role, region, and experience.
Microsoft's security stack — Defender XDR, Sentinel, Purview, Entra, and Intune — is the default in a large share of enterprises that already run Microsoft 365 and Azure, which makes SC-900 one of the most widely-recognized entry-level security credentials. Recruiters use it as a screening signal that a candidate can speak the Microsoft security vocabulary in interviews even before they hold a hands-on role. It is especially common on resumes for help-desk, IT-generalist, compliance, and partner pre-sales staff who are pivoting toward security, and for non-technical stakeholders (project managers, account executives, GRC leads) who need credibility when discussing Zero Trust, conditional access, or DLP with security teams. By itself it does not qualify someone for analyst or engineer roles, but it pairs well with SC-200 or AZ-500 as the next step.
There are no formal prerequisites. Microsoft recommends familiarity with networking and cloud computing concepts, general IT literacy, and a basic understanding of Microsoft Azure and Microsoft 365 — but candidates with no Microsoft background regularly pass after working through the official Microsoft Learn path (~10–14 hours) and one practice assessment.
If you have never used Azure or Microsoft 365, completing AZ-900 (Azure Fundamentals) or MS-900 (Microsoft 365 Fundamentals) first will make SC-900 noticeably easier: many SC-900 questions assume you recognize core Azure resources and the M365 admin surface. The three "900-level" exams overlap meaningfully and are often taken together by candidates building a Microsoft cloud foundation. Hands-on labs are not strictly required, but a free Microsoft 365 developer tenant and an Azure free account let you click through Entra, Purview, and Defender portals, which sticks far better than reading alone.
SC-900 is rated foundational and is one of the more approachable Microsoft certifications. Plan for 20–40 hours of study over 2–4 weeks if you have no prior Microsoft cloud or security background, or 8–15 hours over a week if you already know AZ-900 / MS-900 territory. The exam runs about 45 minutes with roughly 40–60 multiple-choice and multiple-response questions; passing score is 700/1000 on a scaled scoring model.
The hardest part for most candidates is service-name recognition: the Microsoft security portfolio has been renamed and reorganized repeatedly (Azure AD became Entra ID, the Defender suite consolidated into Defender XDR, Microsoft 365 Compliance became Purview), and exam questions consistently test whether you can match the current product name to the right capability. Memorizing the role of each product — Defender for Endpoint vs. Defender for Cloud vs. Defender for Identity, Purview vs. Priva, Entra ID vs. Entra Permissions Management — is most of what separates passing from failing.
General availability April 2021 as part of the Microsoft Security, Compliance, and Identity Fundamentals track. Objectives are refreshed periodically (most recently to reflect the Azure AD → Entra rename and the Microsoft 365 Compliance → Purview rebrand); as a fundamentals exam it does not retire on a 1-year cycle and the credential does not expire.
SC-900 (Microsoft Security, Compliance, and Identity Fundamentals) is considered an entry-level, foundational exam that tests breadth of conceptual understanding rather than hands-on depth. Most candidates need 30–80 hours of study spread over 3–6 weeks for foundational-level exams. Most candidates who score consistently above the passing threshold on practice exams pass on their first attempt.