Microsoft Updated SC-900 Exam Questions and Answers by jonas

(CIEM) solution. CIEM is a security technology category that helps organizations manage identity and access permissions across multi-cloud environments, including Microsoft Azure, AWS, and Google Cloud Platform (GCP).

According to Microsoft’s official Security, Compliance, and Identity (SCI) training and documentation (especially relevant in SC-300 and SC-900 learning paths):

“Microsoft Entra Permissions Management is a CIEM solution that provides comprehensive visibility and control over permissions for all identities and resources across multicloud environments.”

Key features of Microsoft Entra Permissions Management as a CIEM include:

Discovery of over-privileged accounts and unused permissions.

Enforcement of the principle of least privilege.

Detailed permissions analytics and reporting.

Support for Azure, AWS, and GCP environments.

This solution is designed to address the growing risk of identity sprawl and permission misuse in cloud platforms, which traditional identity governance or SIEM tools do not address effectively.

Incorrect Options:

CSPM (Cloud Security Posture Management) focuses on cloud misconfiguration, not identity permissions.

SIEM (e.g., Microsoft Sentinel) aggregates logs/events for threat detection, not entitlement visibility.

XDR (e.g., Microsoft Defender XDR) is focused on detection and response across endpoints, identities, and data—not entitlement management.

✅ Therefore, the correct and Microsoft-verified classification is: a cloud infrastructure entitlement management (CIEM) solution.

Microsoft Purview Insider Risk Management is designed to identify, investigate, and act on risky activities by internal users—for example data exfiltration, data theft, policy violations, and user sentiments/signals that may indicate insider risk. SCI documentation explains that Insider Risk policies analyze signals such as file downloads, copying to USB, sharing to personal cloud, printing, or anomalous activity following events like performance warnings or resignation notices. Because it focuses on insider behaviors, it is not used to detect external threat vectors like phishing scams; those are addressed by Microsoft Defender for Office 365 and related anti-phishing protections—hence statement 1 is No. The solution is accessed in the Microsoft Purview (formerly Microsoft 365) compliance center under Insider risk management, where admins configure policies, alerts, and workflows—so statement 2 is Yes. Finally, its core purpose includes detecting and investigating potential data leaks by disgruntled or departing employees, using built-in policy templates (e.g., Data theft by departing employee, Data leaks), making statement 3 Yes.

For Azure data services such as Azure SQL Managed Instance, Microsoft provides threat detection and protection through Microsoft Defender for Cloud (via Microsoft Defender for SQL). Microsoft documentation states that Defender for Cloud “provides advanced threat protection for your SQL resources,” including Azure SQL Database and Azure SQL Managed Instance, by “continuously monitoring for anomalous activities and potential SQL injection, brute force, and exploitation attempts.” When enabled, the plan “generates security alerts when suspicious activities are detected,” and these alerts can be surfaced in Defender for Cloud, forwarded to Microsoft Sentinel, or integrated with workflows for response. Microsoft Secure Score is a security posture metric, application security groups are for network segmentation in Azure, and Azure Bastion provides secure RDP/SSH over TLS—none of these deliver database-specific threat detection. Therefore, to provide threat detection for Azure SQL Managed Instance, you use Microsoft Defender for Cloud (Defender for SQL).

In Microsoft identity architecture, federation establishes trust between different identity providers to enable single sign-on (SSO) across organizational and platform boundaries. Microsoft Learn explains that federation uses standards such as SAML, WS-Federation, and OpenID Connect/OAuth 2.0 so a user can authenticate with their home identity provider and obtain tokens that are accepted by a relying party (the application or service). This trust relationship lets organizations share identities securely without copying passwords or synchronizing credentials, providing a seamless sign-in experience across multiple systems and clouds.

By contrast, Active Directory Domain Services (AD DS) and a domain controller provide on-premises directory and authentication services primarily within a single Windows domain/forest using Kerberos/NTLM, not cross-provider SSO on their own. Microsoft Entra Privileged Identity Management (PIM) manages just-in-time, approval-based elevation for roles and does not deliver SSO capabilities. Therefore, the technology explicitly intended to provide SSO across multiple identity providers is federation.