Free AZ-900 Security, Privacy, Compliance, and Trust Practice Test 2026 — Microsoft Azure Fundamentals Questions
This free AZ-900 Security, Privacy, Compliance, and Trust practice test covers Microsoft Entra ID (formerly Azure AD), MFA, conditional access, RBAC, network security tools (NSGs, Firewall, DDoS), Microsoft Defender for Cloud, and the Microsoft Trust Center. Each question includes a detailed explanation with Azure service context — perfect for AZ-900 exam prep.
Key Topics in AZ-900 Security, Privacy, Compliance, and Trust
- Microsoft Entra ID
- MFA & Conditional Access
- RBAC
- NSGs & Azure Firewall
- Defender for Cloud
- Trust Center & Compliance
6 Free AZ-900 Security, Privacy, Compliance, and Trust Practice Questions with Answers
Sample Question 1 — Security, Privacy, Compliance, and Trust
Which Azure service is primarily used to manage and protect encryption keys and secrets used by cloud applications and services?
- A. Azure Active Directory
- B. Azure Key Vault (Correct answer)
- C. Azure Security Center
- D. Azure Information Protection
Correct answer: B
Explanation: Azure Key Vault is a cloud service for securely storing and accessing secrets, such as API keys, passwords, certificates, and encryption keys. It helps enhance data protection and compliance by centralizing application secrets. Azure Active Directory is for identity management, Azure Security Center is for security posture management, and Azure Information Protection is for data classification and labeling.
Sample Question 2 — Security, Privacy, Compliance, and Trust
What is the primary purpose of Azure Security Center?
- A. To manage user identities and access
- B. To provide a unified security management system and advanced threat protection across hybrid cloud workloads (Correct answer)
- C. To store and manage secrets and encryption keys
- D. To classify and protect sensitive information
Correct answer: B
Explanation: Azure Security Center provides a unified security management system and advanced threat protection for workloads running in Azure, on-premises, and in other clouds. It helps strengthen the security posture of your data centers and provides threat protection across all of your hybrid cloud workloads. Option A describes Azure Active Directory, C describes Azure Key Vault, and D describes Azure Information Protection.
Sample Question 3 — Security, Privacy, Compliance, and Trust
Which Azure feature allows you to define a set of rules that specify which network traffic is allowed to enter or leave a virtual network?
- A. Network Security Group (NSG) (Correct answer)
- B. Azure Firewall
- C. Azure Policy
- D. Azure Monitor
Correct answer: A
Explanation: Network Security Groups (NSGs) are used to filter network traffic to and from Azure resources in an Azure virtual network. NSGs contain security rules that allow or deny inbound or outbound network traffic, based on source and destination IP address, port, and protocol. Azure Firewall provides broader network security management, Azure Policy is for governance and compliance, and Azure Monitor is for monitoring and diagnostics.
Sample Question 4 — Security, Privacy, Compliance, and Trust
What is the role of Azure Active Directory (Azure AD) in ensuring security?
- A. It encrypts data at rest and in transit
- B. It manages user identities and access to resources (Correct answer)
- C. It provides a firewall to protect against network threats
- D. It monitors and logs security events
Correct answer: B
Explanation: Azure Active Directory (Azure AD) is a comprehensive identity and access management cloud solution that provides secure access to resources. It helps manage user identities and control access to applications and services. Option A is incorrect as Azure AD does not encrypt data, C is incorrect as Azure AD is not a firewall, and D is incorrect as Azure AD is not primarily used for monitoring security events.
Sample Question 5 — Security, Privacy, Compliance, and Trust
Which Azure service can be used to classify and label data to ensure it is protected appropriately?
- A. Azure Security Center
- B. Azure Information Protection (Correct answer)
- C. Azure Key Vault
- D. Azure Firewall
Correct answer: B
Explanation: Azure Information Protection is a cloud-based solution that helps an organization to classify and optionally protect documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations. Azure Security Center is for security management, Azure Key Vault is for managing keys and secrets, and Azure Firewall is for network security.
Sample Question 6 — Security, Privacy, Compliance, and Trust
How does Azure Policy help in maintaining compliance?
- A. By encrypting all data stored in Azure services
- B. By defining and enforcing governance rules for resources (Correct answer)
- C. By providing advanced threat protection for Azure resources
- D. By managing user access and identities
Correct answer: B
Explanation: Azure Policy helps to enforce organizational standards and assess compliance at-scale. It enables you to create, assign, and manage policy definitions that enforce rules for your resources, ensuring they are compliant with your corporate standards. Option A is incorrect as Azure Policy does not handle encryption, C is incorrect as it does not provide threat protection, and D is incorrect as Azure Policy does not manage user access.
About the Microsoft AZ-900 Exam
- Questions: 40-60
- Time: 85 minutes
- Passing score: 700 / 1000
- Cost: $99 USD
- Domains: 4 (this is 20-25% of the exam)
- Validity: Lifetime (Microsoft Fundamentals do not expire)
Other AZ-900 Domains
Start the free AZ-900 Security, Privacy, Compliance, and Trust practice test now | 10-question quick start | All AZ-900 domains