Download SC-300 Study Questions To Pass Microsoft Identity and Access Administrator

1. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.

You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.

You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.

Solution: You configure conditional access policies.

Does this meet the goal?

2. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.

You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.

You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.

Solution: You configure password writeback.

Does this meet the goal?

3. You have an Azure Active Directory (Azure Azure) tenant that contains the objects shown in the following table.

• A device named Device1

• Users named User1, User2, User3, User4, and User5

• Five groups named Group1, Group2, Group3, Ciroup4, and Group5

The groups are configured as shown in the following table.





How many licenses are used if you assign the Microsoft Office 365 Enterprise E5 license to Group1?

4. You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.

You need to ensure that User1 can create new catalogs and add resources to the catalogs they own.

What should you do?

5. HOTSPOT

You have an Azure subscription.

Azure AD logs are sent to a Log Analytics workspace.

You need to query the logs and graphically display the number of sign-ins per user.

How should you complete the query? To answer, select the appropriate options in the answer area.

6. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that has the default App registrations settings.

The tenant contains the users shown in the following table.





You purchase two cloud apps named App1 and App2. The global administrator registers App1 in Azure AD.

You need to identify who can assign users to App1, and who can register App2 in Azure AD.

What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

7. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant.

You have 100 IT administrators who are organized into 10 departments.

You create the access review shown in the exhibit. (Click the Exhibit tab.)





You discover that all access review requests are received by Megan Bowen.

You need to ensure that the manager of each department receives the access reviews of their respective department.

Solution: You modify the properties of the IT administrator user accounts.

Does this meet the goal?

8. Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM).

While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights.

You need to ensure that the IT department users only have access to the Security administrator role when

required.

What should you configure for the Security administrator role assignment?

9. HOTSPOT

You need to implement on-premises application and SharePoint Online restrictions to meet the authentication requirements and the access requirements.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

10. You have a Microsoft 365 tenant.

All users have computers that run Windows 10. Most computers are company-owned and joined to Azure Active Directory (Azure AD). Some computers are user-owned and are only registered in Azure AD.

You need to prevent users who connect to Microsoft SharePoint Online on their user-owned computer from downloading or syncing files. Other users must NOT be restricted.

Which policy type should you create?

11. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant.

All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.

Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.

You need to block the users automatically when they report an MFA request that they did not initiate.

Solution: From the Azure portal, you configure the Notifications settings for multi-factor authentication (MFA).

Does this meet the goal?

12. You create a Log Analytics workspace.

You need to implement the technical requirements for auditing.

What should you configure in Azure AD?

13. You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You need to ensure that Azure AD External Identities pricing is based on monthly active users (MAU).

What should you configure?

14. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant.

You have 100 IT administrators who are organized into 10 departments.

You create the access review shown in the exhibit. (Click the Exhibit tab.)





You discover that all access review requests are received by Megan Bowen.

You need to ensure that the manager of each department receives the access reviews of their respective department.

Solution: You add each manager as a fallback reviewer.

Does this meet the goal?

15. DRAG DROP

You have a Microsoft 365 E5 subscription that contains two users named User1 and User2.

You need to ensure that User1 can create access reviews for groups, and that User2 can review the history report for all the completed access reviews. The solution must use the principle of least privilege.

Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

16. You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest. The tenant-uses through authentication.

A corporate security policy states the following:

✑ Domain controllers must never communicate directly to the internet.

✑ Only required software must be- installed on servers.

The Active Directory domain contains the on-premises servers shown in the following table.





You need to ensure that users can authenticate to Azure AD if a server fails.

On which server should you install an additional pass-through authentication agent?

17. DRAG DROP

You have a Microsoft 365 E5 tenant.

You purchase a cloud app named App1.

You need to enable real-time session-level monitoring of App1 by using Microsoft Cloud app Security.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

18. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant.

You have 100 IT administrators who are organized into 10 departments.

You create the access review shown in the exhibit. (Click the Exhibit tab.)





You discover that all access review requests are received by Megan Bowen.

You need to ensure that the manager of each department receives the access reviews of their respective department.

Solution: You set Reviewers to Member (self).

Does this meet the goal?

19. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1 and the groups shown in the following table.





In the tenant, you create the groups shown in the following table.





Which members can you add to GroupA and GroupB? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

20. HOTSPOT

You have an Azure AD tenant that contains the users shown in the following table.





You have the locations shown in the following table.





The tenant contains a named location that Das the following configurations:

• Name: location1

• Mark as trusted location: Enabled

• IPv4 range: 10.10.0.0/16

MFA has a trusted iPad dress range of 193.17.17.0/24.

You have a Conditional Access policy that has the following settings:

• Name: CAPolicy1

• Assignments

o Users or workload identities: Group 1

o Cloud apps or actions: All cloud apps

* Conditions

* Locations All trusted locations

• Access controls o Gant

• Grant access: Require multi-factor authentication

© Session: 0 controls selected

• Enable policy: On

For each of the following statements select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

21. You configure a new Microsoft 36S tenant to use a default domain name of contosso.com.

You need to ensure that you can control access to Microsoft 365 resource-, by using conditional access policy.

What should you do first?

22. You have a Microsoft 365 tenant.

The Azure Active Directory (Azure AD) tenant contains the groups shown in the following table.





In Azure AD. you add a new enterprise application named Appl.

Which groups can you assign to App1?

23. HOTSPOT

Your on-premises network contains an Active Directory domain that uses Azure AD Connect to sync with an Azure AD tenant.

You need to configure Azure AD Connect to meet the following requirements:

• User sign-ins to Azure AD must be authenticated by an Active Directory domain controller.

• Active Directory domain users must be able to use Azure AD self-service password reset (SSPR).

What should you use for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

24. You have an Azure Active Directory (Azure AD) tenant that contains cloud-based enterprise apps.

You need to group related apps into categories in the My Apps portal.

What should you create?

25. HOTSPOT

You have an Azure AD tenant that contains the users shown in the following table.





In Azure AD Identity Protection, you configure a user risk policy that has the following settings:

• Assignments: o Users: Group1

o User risk: Low and above

• Controls:

o Access: Block access

• Enforce policy: On

In Azure AD Identity Protection, you configure a sign-in risk policy that has the following settings:

• Assignments: o Users: Group2

o Sign-in risk: Low and above

• Controls:

o Access: Require multi-factor authentication

• Enforce policy. On the following settings: ng settings:

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

26. You have an Azure AD tenant that contains the users shown in the following table.





You add an enterprise application named App1 to Azure AD and set User1 as the owner of App1 requires admin consent to access Azure AD before the app can be used.

You configure the Admin consent requests strong as shown in the following exhibit.

Admin consent requests.

27. Your company requires that users request access before they can access corporate applications.

You register a new enterprise application named MyApp1 in Azure Active Dilatory (Azure AD) and configure single sign-on (SSO) for MyApp1.

Which settings should you configure next for MyApp1?

28. You have a Microsoft 365 tenant.

The Sign-ins activity report shows that an external contractor signed in to the Exchange admin center.

You need to review access to the Exchange admin center at the end of each month and block sign-ins if

required.

What should you create?

29. You have an Azure Active Directory (Azure AD) tenant named contoso.com that has Azure AD Identity Protection policies enforced.

You create an Azure Sentinel instance and configure the Azure Active Directory connector.

You need to ensure that Azure Sentinel can generate incidents based on the risk alerts raised by Azure AD Identity Protection.

What should you do first?

30. You need to configure the detection of multi-staged attacks to meet the monitoring requirements.

What should you do?

31. HOTSPOT

You have a Microsoft 365 tenant that contains a group named Group1 as shown in the Group1 exhibit. (Click the Group1 tab.)





You create an enterprise application named App1 as shown in the App1 Properties exhibit. (Click the App1 Properties tab.)





You configure self-service for App1 as shown in the App1 Self-service exhibit. (Click the App1 Self-service tab.)





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

32. You have a Microsoft 365 subscription that contains the following:

• An Azure Active Directory (Azure AD) tenant that has an Azure Active Directory Premium P2 license

• A Microsoft SharePoint Online site named Site1

• A Microsoft Teams team named Team1

You need to create an entitlement management workflow to manage Site1 and Team1.

What should you do first?

33. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains Azure AD Privileged Identity Management (PIM) role settings for the User administrator role as shown in the following exhibit.





Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

34. Topic 3, A. Datum Corp



Overview

A. Datum Corporation is a consulting company in Montreal.

A. Datum recently acquired a Vancouver-based company named Litware, Inc.



A Datum Environment

The on-premises network of

A. Datum contains an Active Directory Domain Services (AD DS) forest named adatum.com.

A. Datum has a Microsoft 365 E5 subscription. The subscription contains a verified domain that syncs with the adatum.com AD DS domain by using Azure AD Connect

A. Datum has an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant

has Security defaults disabled.

The tenant contains the users shown in the following table.



Problem Statements

A. Datum identifies the following issues:

• Multiple users in the sales department have up to five devices. The sales department users report that sometimes they must contact the support department to join their devices to the Azure AD tenant because they have reached their device limit.

• A recent security incident reveals that several users leaked their credentials, a suspicious browser was used for a sign-in, and resources were accessed from an anonymous IP address,

• When you attempt to assign the Device Administrators role To IT_Group1, the group does NOT appear in the selection list.

• Anyone in the organization can invite guest users, including other guests and non-administrators.

• The helpdesk spends too much time resetting user passwords.

• Users currently use only passwords for authentication.



Requirements

A, Datum plans to implement the following changes;

• Configure self-service password reset {SSPR}.

• Configure multi-factor authentication (MFA) for all users.

• Configure an access review for an access package named Package1.

• Require admin approval for application access to organizational data.

• Sync the AD DS users and groupsoflitware.com with the Azure AD tenant.

• Ensure that only users that are assigned specific admin roles can invite guest users.

• Increase the maximum number of devices that can be joined or registered to Azure AD to 10.



Technical Requirements

A. Datum identifies the following technical requirements:

• Users assigned the User administrator role must be able to request permission to use the role when needed for up to one year.

• Users must be prompted to register for MFA and provided with an option to bypass the registration for a grace period.

• Users must provide one authentication method to reset their password by using SSPR.

Available methods must include:

• Email

• Phone

• Security questions

• The Microsoft Authenticator app

• Trust relationships must NOT be established between the adatum.com and litware.com AD DS domains.

• The principle of least privilege must be used.



DRAG DROP

You need to resolve the recent security incident issues.

What should you configure for each incident? To answer, drag the appropriate policy types to the correct issues. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

35. Your company has an Azure Active Directory (Azure AD) tenant named contosri.com.

The company has the business partners shown in the following table.





users can request access by using package 1.

Users at Fabrikam and Litware use ail then respective domain names for email addresses.

You plan to create an access package named packaqe1 that will be accessible only to the Fabrikam and Litware users.

You need to configure connected organizations for Fabrikam and litware so that any of their users can request access by using package1.

What is the minimum of connected organization that you should create.

36. You have an Azure subscription that contains the resources shown in the following table.





For which resources can you create an access review?

37. Your company has an Azure AD tenant that contains the users shown in the following table.





You have the app registrations shown in the following table.





A company policy prevents changes to user permissions.

Which user can create appointments in the calendar of each user at the company?

38. DRAG DROP

Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com by using Azure AD Connect.

Attire AD Connect is installed on a server named Server 1.

You deploy a new server named Server? that runs Windows Server 2019.

You need to implement a failover server for Azure AD Connect. The solution must minimize how long it takes to fail over if Server1 fails.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

39. You have a Microsoft Exchange organization that uses an SMTP' address space of contoso.com.

Several users use their contoso.com email address for self-service sign up to Azure Active Directory (Azure AD).

You gain global administrator privileges to the Azure AD tenant that contains the self-signed users.

You need to prevent the users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services.

Which PowerShell cmdlet should you run?

40. You need to resolve the issue of the guest user invitations.

What should you do for the Azure AD tenant?

41. You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1.

You need to ensure that users can request access to Site. the solution must meet the following requirements.

• Automatically approve requests from users based on their group membership.

• Automatically remove the access after 30 days

What should you do?

42. HOTSPOT

You need to support the planned changes and meet the technical requirements for MFA.

Which feature should you use, and how long before the users must complete the registration? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

43. HOTSPOT

Your company has a Microsoft 365 tenant.

All users have computers that run Windows 10 and are joined to the Azure Active Directory (Azure AD) tenant.

The company subscribes to a third-party cloud service named Service1. Service1 supports Azure AD authentication and authorization based on OAuth. Service1 is published to the Azure AD gallery.

You need to recommend a solution to ensure that the users can connect to Service1 without being prompted for authentication. The solution must ensure that the users can access Service1 only from Azure AD-joined computers. The solution must minimize administrative effort.

What should you recommend for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

44. DRAG DROP

You have a new Microsoft 365 tenant that uses a domain name of contoso.onmicrosoft.com.

You register the name contoso.com with a domain registrar.

You need to use contoso.com as the default domain name for new Microsoft 365 users.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

45. You have an Azure AD tenant that contains a user named User1 and the conditional access policies shown in the following table.





You need to evaluate which policies will be applied User1 when User1 attempts to sign-in from various IP addresses.

Which feature should you use?

46. You have a Microsoft 365 tenant that uses the domain named fabrikam.com.

The Guest invite settings for Azure Active Directory (Azure AD) are configured as shown in the exhibit. (Click the Exhibit tab.)





A user named [email protected] shares a Microsoft SharePoint Online document library to the users shown in the following table.





Which users will be emailed a passcode?

47. You have an Azure AD tenant named Contoso that contains a terms of use (ToU) named Terms1 and an access package. Contoso users collaborate with an external organization named Fabrikam. Fabrikam users must accept Terms1 before being allowed to use the access package.

You need to identify which users accepted or declined Terms1.

What should you use?

48. HOTSPOT

You have a Microsoft 365 tenant named contoso.com.

Guest user access is enabled.

Users are invited to collaborate with contoso.com as shown in the following table.





From the External collaboration settings in the Azure Active Directory admin center, you configure the Collaboration restrictions settings as shown in the following exhibit.





From a Microsoft SharePoint Online site, a user invites [email protected] to the site.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

49. You have the Azure resources show in the following table.





To Which identities can you assign the Contributor role for RG1?

50. You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD enterprise application named App1.

A contractor uses the credentials of [email protected].

You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as [email protected].

What should you do?

51. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant.

You have 100 IT administrators who are organized into 10 departments.

You create the access review shown in the exhibit. (Click the Exhibit tab.)





You discover that all access review requests are received by Megan Bowen.

You need to ensure that the manager of each department receives the access reviews of their respective department.

Solution: You create a separate access review for each role.

Does this meet the goal?

52. You have an Azure Active Directory (Azure AD) tenant.

You need to review the Azure AD sign-in logs to investigate sign-ins that occurred in the past.

For how long does Azure AD store events in the sign-in logs?

53. You create a conditional access policy that blocks access when a user triggers a high-seventy sign-in alert.

You need to test the policy under the following conditions;

• A user signs in from another country.

• A user triggers a sign-in risk.

What should you use to complete the test?

54. You have a Microsoft 365 tenant.

In Azure Active Directory (Azure AD), you configure the terms of use.

You need to ensure that only users who accept the terms of use can access the resources in the tenant. Other users must be denied access.

What should you configure?

55. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that has an Azure Active Directory Premium Plan 2 license.

The tenant contains the users shown in the following table.





You have the Device Settings shown in the following exhibit.





User1 has the devices shown in the following table.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

56. HOTSPOT

You have a custom cloud app named App1 that is registered in Azure Active Directory (Azure AD).

App1 is configured as shown in the following exhibit.





Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

57. You need to meet the authentication requirements for leaked credentials.

What should you do?

58. HOTSPOT

You need to meet the technical requirements for the probability that user identifies were compromised.

What should the users do first, and what should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.