Try Free Latest Microsoft SC-300 Practice Test Questions To Get Certified

test2022-03-24T03:58:31+00:00

SC-300 Microsoft Identity and Access Administrator exam is the only required exam for Microsoft Certified: Identity and Access Administrator Associate certification. The SC-300 practice test has been updated to reflect the most recent version of the Microsoft Identity and Access Administrator exam.With a thorough understanding of these top-rated SC-300 exam dumps, you will find it much easier to prepare for and pass the SC-300 exam, as you will be able to assess your preparation for the SC-300 exam.

Take this free SC-300 practice exam right now to see how well you know yourself.

Page 1 of 4

1. You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.

Yon receive more than 100 email alerts each day for tailed Azure Al) user sign-in attempts.

You need to ensure that a new security administrator receives the alerts instead of you.

Solution: From Azure AD, you create an assignment for the Insights at administrator role.

Does this meet the goal?

Yes

2. You have a Microsoft 365 tenant.

The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.

The domain contains the servers shown in the following table.

The domain controllers are prevented from communicating to the internet.

You implement Azure AD Password Protection on Server1 and Server2.

You deploy a new server named Server4 that runs Windows Server 2019.

You need to ensure that Azure AD Password Protection will continue to work if a single server fails.

What should you implement on Server4?

Azure AD Connect

Azure AD Application Proxy

Password Change Notification Service (PCNS)

the Azure AD Password Protection proxy service

3. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.

You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.

You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.

Solution: You configure conditional access policies.

Does this meet the goal?

Yes

4. You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.

From the Groups blade in the Azure Active Directory admin center, you assign Microsoft 365 Enterprise E5 licenses to the users.

You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.

What should you use?

the Administrative units blade in the Azure Active Directory admin center

the Set-AzureAdUser cmdlet

the Groups blade in the Azure Active Directory admin center

the Sec-MsolUserLicense cmdlet

5. HOTSPOT

You need to meet the technical requirements for license management by the helpdesk administrators.

What should you create first, and which tool should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

6. You have an Azure Active Directory (Azure AD) tenant.

You need to review the Azure AD sign-in logs to investigate sign-ins that occurred in the past.

For how long does Azure AD store events in the sign-in logs?

14 days

30 days

90 days

365 days

7. You have a Microsoft 365 tenant.

All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.

Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.

You need to block the users automatically when they report an MFA request that they did not Initiate.

Solution: From the Azure portal, you configure the Block/unblock users settings for multi-factor authentication (MFA).

Does this meet the goal?

Yes

8. You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.

Yon receive more than 100 email alerts each day for tailed Azure Al) user sign-in attempts.

You need to ensure that a new security administrator receives the alerts instead of you.

Solution: From Azure monitor, you create a data collection rule.

Does this meet the goal?

Yes

9. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that has an Azure Active Directory Premium Plan 2 license.

The tenant contains the users shown in the following table.

You have the Device Settings shown in the following exhibit.

User1 has the devices shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

10. HOTSPOT

You need to identify which roles to use for managing role assignments. The solution must meet the delegation requirements.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Page 2 of 4

11. You have a Microsoft 365 tenant.

The Sign-ins activity report shows that an external contractor signed in to the Exchange admin center.

You need to review access to the Exchange admin center at the end of each month and block sign-ins if

required.

What should you create?

an access package that targets users outside your directory

an access package that targets users in your directory

a group-based access review that targets guest users

an application-based access review that targets guest users

12. You have a Microsoft 365 tenant.

All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.

Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.

You need to block the users automatically when they report an MFA request that they did not Initiate.

Solution: From the Azure portal, you configure the Fraud alert settings for multi-factor authentication (MFA).

Does this meet the goal?

Yes

13. You have an Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.

For which groups can you create an access review?

Group1 only

Group1 and Group4 only

Group1 and Group2 only

Group1, Group2, Group4, and Group5 only

Group1, Group2, Group3, Group4 and Group5

14. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant.

You have 100 IT administrators who are organized into 10 departments.

You create the access review shown in the exhibit. (Click the Exhibit tab.)

You discover that all access review requests are received by Megan Bowen.

You need to ensure that the manager of each department receives the access reviews of their respective department.

Solution: You set Reviewers to Member (self).

Does this meet the goal?

Yes

15. HOTSPOT

You need to implement password restrictions to meet the authentication requirements.

You install the Azure AD password Protection DC agent on DC1.

What should you do next? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

16. You have a Microsoft 365 tenant.

You need to ensure that you tan view Azure Active Directory (Azure AD) audit log information by using Azure Monitor.

What should you do first?

Run the Get-AzureADAuditDirectoryLogs cmdlet.

Create an Azure AD workbook.

Run the Set-AzureADTenantDetail cmdlet.

Modify the Diagnostics settings for Azure A

17. HOTSPOT

You have a Microsoft 365 tenant that contains a group named Group1 as shown in the Group1 exhibit. (Click the Group1 tab.)

You create an enterprise application named App1 as shown in the App1 Properties exhibit. (Click the App1 Properties tab.)

You configure self-service for App1 as shown in the App1 Self-service exhibit. (Click the App1 Self-service tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

18. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that has multi-factor authentication (MFA) enabled.

The account lockout settings are configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

19. You have a Microsoft 365 tenant.

All users have mobile phones and laptops.

The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity. While working from the remote locations, the users connect their laptop to a wired network that has internet access.

You plan to implement multi-factor authentication (MFA).

Which MFA authentication method can the users use from the remote location?

a notification through the Microsoft Authenticator app

an app password

Windows Hello for Business

SMS

20. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1 and the groups shown in the following table.

In the tenant, you create the groups shown in the following table.

Which members can you add to GroupA and GroupB? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Page 3 of 4

21. Your company has an Azure Active Directory (Azure AD) tenant named contosri.com.

The company has the business partners shown in the following table.

users can request access by using package 1.

Users at Fabrikam and Litware use ail then respective domain names for email addresses.

You plan to create an access package named packaqel that will be accessible only to the Fabrikam and Litware users.

You need to configure connected organizations for Fabrikam and litware so that any of their users can request access by using package1.

What is the minimum of connected organization that you should create?

22. HOTSPOT

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com. The company has a business partner named Fabrikam, Inc.

Fabrikam uses Azure AD and has two verified domain names of fabrikam.com and litwareinc.com. Both domain names are used for Fabrikam email addresses.

You plan to create an access package named package1 that will be accessible only to the users at Fabrikam.

You create a connected organization for Fabrikam.

You need to ensure that the package1 will be accessible only to users who have fabrikam.com email addresses.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

23. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains an administrative unit named Department1.

Department1 has the users shown in the Users exhibit. (Click the Users tab.)

Department1 has the groups shown in the Groups exhibit. (Click the Groups tab.)

Department1 has the user administrator assignments shown in the Assignments exhibit. (Click the Assignments tab.)

The members of Group2 are shown in the Group2 exhibit. (Click the Group2 tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

24. You have an Azure Active Directory (Azure AD) tenant.

You create an enterprise application collection named HR Apps that has the following settings:

• Applications: Appl. App?, App3

• Owners: Admin 1

• Users and groups: HRUsers

AH three apps have the following Properties settings:

• Enabled for users to sign in: Yes

• User assignment required: Yes

• Visible to users: Yes

Users report that when they go to the My Apps portal, they only sue App1 and App2-You need to ensure that the users can also see App3.

What should you do from App3?

What should you do from App3?

From Users and groups, add HRUsers.

Prom Properties, change User assignment required to No.

From Permissions, review the User consent permissions.

From Single sign on, configure a sign-on method.

25. DRAG DROP

You have a Microsoft 365 E5 tenant.

You purchase a cloud app named App1.

You need to enable real-time session-level monitoring of App1 by using Microsoft Cloud app Security.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

26. HOTSPOT

You need to implement the planned changes and technical requirements for the marketing department.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

27. You have a Microsoft 365 tenant.

All users have mobile phones and laptops.

The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity. While working from the remote locations, the users connect their laptop to a wired network that has internet access.

You plan to implement multi-factor authentication (MFA).

Which MFA authentication method can the users use from the remote location?

a notification through the Microsoft Authenticator app

security questions

a verification code from the Microsoft Authenticator app

28. You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You implement entitlement management to provide resource access to users at a company named Fabrikam, Inc. Fabrikam uses a domain named fabrikam.com.

Fabrikam users must be removed automatically from the tenant when access is no longer required.

You need to configure the following settings:

✑ Block external user from signing in to this directory: No

✑ Remove external user: Yes

✑ Number of days before removing external user from this directory: 90

What should you configure on the Identity Governance blade?

Access packages

Settings

Access reviews

29. You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.

Which objects can you add as eligible in Azure Privileged identity Management (PIM) for an Azure AD role?

User1 only

User1 and Identity1 only

User1. Guest1, and Identity

User1 and Guest1 only

30. You have a Microsoft 365 tenant.

All users have computers that run Windows 10. Most computers are company-owned and joined to Azure Active Directory (Azure AD). Some computers are user-owned and are only registered in Azure AD.

You need to prevent users who connect to Microsoft SharePoint Online on their user-owned computer from downloading or syncing files. Other users must NOT be restricted.

Which policy type should you create?

a Microsoft Cloud App Security activity policy that has Microsoft Office 365 governance actions configured

an Azure AD conditional access policy that has session controls configured

an Azure AD conditional access policy that has client apps conditions configured

a Microsoft Cloud App Security app discovery policy that has governance actions configured

Page 4 of 4

31. HOTSPOT

Your network contains an on-premises Active Directory domain named contoso.com.

The domain contains the objects shown in the following table.

You install Azure AD Connect. You configure the Domain and OU filtering settings as shown in the Domain and OU Filtering exhibit. (Click the Domain and OU Filtering tab.)

You configure the Filter users and devices settings as shown in the Filter Users and Devices exhibit. (Click the Filter Users and Devices tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.