Microsoft Identity and Access Administrator SC-300 Update Dumps

test2023-01-16T08:00:48+00:00

The Microsoft Identity and Access Administrator SC-300 exam is a valuable certification for IT professionals looking to demonstrate their expertise in managing and securing identities and access within an organization. With the recent update to the exam, it’s important to stay current on the latest changes and best practices to ensure success on the test.

One way to prepare for the SC-300 exam is to use updated dumps. These Microsoft Identity and Access Administrator SC-300 Update Dumps can help you familiarize yourself with the types of questions that will be asked on the exam and identify areas where you need to focus your study efforts.

Page 1 of 4

1. You need to meet the authentication requirements for leaked credentials.

What should you do?

Enable federation with PingFederate in Azure AD Connect.

Configure Azure AD Password Protection.

Enable password hash synchronization in Azure AD Connect.

Configure an authentication method policy in Azure A

2. Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM).

While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights.

You need to ensure that the IT department users only have access to the Security administrator role when

required.

What should you configure for the Security administrator role assignment?

Expire eligible assignments after from the Role settings details

Expire active assignments after from the Role settings details

Assignment type to Active

Assignment type to Eligible

3. You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.

From the Groups blade in the Azure Active Directory admin center, you assign Microsoft 365 Enterprise E5 licenses to the users.

You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.

What should you use?

the Administrative units blade in the Azure Active Directory admin center

the Set-AzureAdUser cmdlet

the Groups blade in the Azure Active Directory admin center

the Sec-MsolUserLicense cmdlet

4. You have an Azure subscription that contains the custom roles shown in the following table.

You need to create a custom Azure subscription role named Role3 by using the Azure portal. Role3 will use the baseline permissions of an existing role.

Which roles can you clone to create Role3?

Role2 only

built-in Azure subscription roles only

built-in Azure subscription roles and Role2 only

built-in Azure subscription roles and built-in Azure AD roles only

Role1, Role2 built-in Azure subscription roles, and built-in Azure AD roles

5. You need to meet the planned changes for the User administrator role.

What should you do?

Create an access review.

Modify Role settings

Create an administrator unit.

Modify Active Assignments.

6. You have an Azure Active Directory (Azure AD) tenant.

You create an enterprise application collection named HR Apps that has the following settings:

• Applications: Appl. App?, App3

• Owners: Admin 1

• Users and groups: HRUsers

AH three apps have the following Properties settings:

• Enabled for users to sign in: Yes

• User assignment required: Yes

• Visible to users: Yes

Users report that when they go to the My Apps portal, they only sue App1 and App2-You need to ensure that the users can also see App3.

What should you do from App3?

What should you do from App3?

From Users and groups, add HRUsers.

Prom Properties, change User assignment required to No.

From Permissions, review the User consent permissions.

From Single sign on, configure a sign-on method.

7. You need to sync the ADatum users. The solution must meet the technical requirements.

What should you do?

From the Microsoft Azure Active Directory Connect wizard, select Customize synchronization options.

From PowerShell, run Set-ADSyncScheduler.

From PowerShell, run Start-ADSyncSyncCycle.

From the Microsoft Azure Active Directory Connect wizard, select Change user sign-in.

8. You configure a new Microsoft 365 tenant to use a default domain name of contoso.com.

You need to ensure that you can control access to Microsoft 365 resources by using conditional access

policies.

What should you do first?

Disable the User consent settings.

Disable Security defaults.

Configure a multi-factor authentication (MFA) registration policy.

Configure password protection for Windows Server Active Directory.

9. CORRECT TEXT

You implement the planned changes for SSPR.

What occurs when User3 attempts to use SSPR? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

10. You have an Azure Active Directory (Azure AD) tenant named conto.so.com that has Azure AD Identity Protection enabled. You need to Implement a sign-in risk remediation policy without blocking access.

What should you do first?

Configure access reviews in Azure A

Enforce Azure AD Password Protection.

implement multi-factor authentication (MFA) for all users.

Configure self-service password reset (SSPR) for all users.

Page 2 of 4

11. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.

You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts.

You need to ensure that a new security administrator receives the alerts instead of you.

Solution: From Azure AD, you modify the Diagnostics settings.

Does this meet the goal?

Yes

12. HOTSPOT

You have a Microsoft 365 tenant.

You configure a conditional access policy as shown in the Conditional Access policy exhibit. (Click the Conditional Access policy tab.)

You view the User administrator role settings as shown in the Role setting details exhibit. (Click the Role setting details tab.)

You view the User administrator role assignments as shown in the Role assignments exhibit. (Click the Role assignments lab.)

For each of the following statement, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

13. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant.

All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.

Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.

You need to block the users automatically when they report an MFA request that they did not initiate.

Solution: From the Azure portal, you configure the Notifications settings for multi-factor authentication (MFA).

Does this meet the goal?

Yes

14. You have a Microsoft 365 tenant.

All users have mobile phones and laptops.

The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity. While working from the remote locations, the users connect their laptop to a wired network that has internet access.

You plan to implement multi-factor authentication (MFA).

Which MFA authentication method can the users use from the remote location?

a notification through the Microsoft Authenticator app

an app password

Windows Hello for Business

SMS

15. Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant-

Users sign in to computers that run Windows 10 and are joined to the domain.

You plan to implement Azure AD Seamless Single Sign-On (Azure AD Seamless SSO).

You need to configure the computers for Azure AD Seamless SSO.

What should you do?

Enable Enterprise State Roaming.

Configure Sign-in options.

Install the Azure AD Connect Authentication Agent.

Modify the Intranet Zone settings.

16. You need to implement the planned changes for litware.com.

What should you configure?

Azure AD Connect cloud sync between the Azure AD tenant and litware.com

Azure AD Connect to include the litware.com domain

staging mode in Azure AD Connect for the litware.com domain

17. HOTSPOT

You need to identify which roles to use for managing role assignments. The solution must meet the delegation requirements.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

18. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant.

You have 100 IT administrators who are organized into 10 departments.

You create the access review shown in the exhibit. (Click the Exhibit tab.)

You discover that all access review requests are received by Megan Bowen.

You need to ensure that the manager of each department receives the access reviews of their respective department.

Solution: You modify the properties of the IT administrator user accounts.

Does this meet the goal?

Yes

19. HOTSPOT

Your company has a Microsoft 365 tenant.

All users have computers that run Windows 10 and are joined to the Azure Active Directory (Azure AD) tenant.

The company subscribes to a third-party cloud service named Service1. Service1 supports Azure AD authentication and authorization based on OAuth. Service1 is published to the Azure AD gallery.

You need to recommend a solution to ensure that the users can connect to Service1 without being prompted for authentication. The solution must ensure that the users can access Service1 only from Azure AD-joined computers. The solution must minimize administrative effort.

What should you recommend for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

20. You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory domain.

The on-premises network contains a VPN server that authenticates to the on-premises Active Directory

domain. The VPN server does NOT support Azure Multi-Factor Authentication (MFA).

You need to recommend a solution to provide Azure MFA for VPN connections.

What should you include in the recommendation?

Azure AD Application Proxy

an Azure AD Password Protection proxy

Network Policy Server (NPS)

a pass-through authentication proxy

Page 3 of 4

21. You have an Azure Active Directory (Azure AD) tenant.

You need to review the Azure AD sign-in logs to investigate sign-ins that occurred in the past.

For how long does Azure AD store events in the sign-in logs?

14 days

30 days

90 days

365 days

22. You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

User1 is the owner of Group1.

You create an access review that has the following settings:

✑ Users to review: Members of a group

✑ Scope: Everyone

✑ Group: Group1

✑ Reviewers: Members (self)

Which users can perform access reviews for User3?

User1, User2, and User3

User3 only

User1 only

User1 and User2 only

23. HOTSPOT

You have a Microsoft 365 tenant named contoso.com.

Guest user access is enabled.

Users are invited to collaborate with contoso.com as shown in the following table.

From the External collaboration settings in the Azure Active Directory admin center, you configure the Collaboration restrictions settings as shown in the following exhibit.

From a Microsoft SharePoint Online site, a user invites [email protected] to the site.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

24. HOTSPOT

You need to support the planned changes and meet the technical requirements for MFA.

Which feature should you use, and how long before the users must complete the registration? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

25. You have an Azure Active Directory (Azure AD) tenant that uses conditional access policies.

You plan to use third-party security information and event management (SIEM) to analyze conditional access usage.

You need to download the Azure AD log that contains conditional access policy data.

What should you export from Azure AD?

sign-ins in JSON format

sign-ins in CSV format

audit logs in JSON format

audit logs in CSV format

26. HOTSPOT

You need to meet the technical requirements for the probability that user identities were compromised.

What should the users do first, and what should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

27. HOTSPOT

You have a Microsoft 365 tenant.

Sometimes, users use external, third-party applications that require limited access to the Microsoft 365 data of the respective user. The users register the applications in Azure Active Directory (Azure AD).

You need to receive an alert if a registered application gains read and write access to the users’ email.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

28. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1.

User1 has the devices shown in the following table.

On November 5, 2020, you create and enforce terms of use in contoso.com that has the following settings:

✑ Name: Terms1

✑ Display name: Contoso terms of use

✑ Require users to expand the terms of use: On

✑ Require users to consent on every device: On

✑ Expire consents: On

✑ Expire starting on: December 10, 2020

✑ Frequency: Monthly

On November 15, 2020, User1 accepts Terms1 on Device3.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

29. You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD

enterprise application named App1.

A contractor uses the credentials of [email protected].

You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as [email protected].

What should you do?

Run the New-AzADUser cmdlet.

Configure the External collaboration settings.

Add a WS-Fed identity provider.

Create a guest user account in contoso.com.

30. Your company requires that users request access before they can access corporate applications.

You register a new enterprise application named MyApp1 in Azure Active Dilatory (Azure AD) and configure single sign-on (SSO) for MyApp1.

Which settings should you configure next for MyApp1?

Self-service

Provisioning

Roles and administrators

Application proxy

Page 4 of 4

31. HOTSPOT

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com. The company has a business partner named Fabrikam, Inc.

Fabrikam uses Azure AD and has two verified domain names of fabrikam.com and litwareinc.com. Both domain names are used for Fabrikam email addresses.

You plan to create an access package named package1 that will be accessible only to the users at Fabrikam.

You create a connected organization for Fabrikam.

You need to ensure that the package1 will be accessible only to users who have fabrikam.com email addresses.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

32. You have a Microsoft Exchange organization that uses an SMTP' address space of contoso.com.

Several users use their contoso.com email address for self-service sign up to Azure Active Directory (Azure AD).

You gain global administrator privileges to the Azure AD tenant that contains the self-signed users.

You need to prevent the users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services.

Which PowerShell cmdlet should you run?

Set-MsolCompanySettings

Set-MsolDomainFederationSettings

Update-MsolfederatedDomain

Set-MsolDomain

33. You need to configure the detection of multi-staged attacks to meet the monitoring requirements.

What should you do?

Customize the Azure Sentinel rule logic.

Create a workbook.

Add Azure Sentinel data connectors.

Add an Azure Sentinel playbook.

34. You have a Microsoft 365 tenant.

You have an Active Directory domain that syncs to the Azure Active Directory {Azure AD) tenant.

Users connect to the internet by using a hardware firewall at your company. The users authenticate to the firewall by using their Active Directory credentials.

You plan to manage access to external applications by using Azure AD.

You need to use the firewall logs to create a list of unmanaged external applications and the users who access them.

What should you use to gather the information?

Cloud App Discovery in Microsoft Defender for Cloud Apps

enterprise applications in Azure AD

access reviews in Azure AD

Application Insights in Azure Monitor

35. You have an Azure Active Directory (Azure AD) tenant.

You need to review the Azure AD sign-ins log to investigate sign ins that occurred in the past.

For how long does Azure AD store events in the sign-in log?

14 days

30 days

90 days

365 days

36. You have an Azure Active Directory (Azure AD) tenant that contains cloud-based enterprise apps.

You need to group related apps into categories in the My Apps portal.

What should you create?