Updated Dec-2021 SC-300 Exam Practice Test Questions
Verified SC-300 dumps Q&As 100% Pass in First Attempt Guaranteed Updated Dump
Schedule exam
Languages: English, Japanese, Chinese (Simplified), Korean
Retirement date: none
This exam measures your ability to accomplish the following technical tasks: implement an identity management solution; implement an authentication and access management solution; implement access management for apps; and plan and implement an identity governance strategy.
Exam SC-300: Microsoft Identity and Access Administrator
The Microsoft Identity and Access Administrator designs, implements, and operates an organization’s identity and access management systems by using Azure Active Directory (Azure AD). They manage tasks such as providing secure authentication and authorization access to enterprise applications. The administrator provides seamless experiences and self-service management capabilities for all users. Adaptive access and governance are core elements to the role. This role is also responsible for troubleshooting, monitoring, and reporting for the identity and access environment.
The Identity and Access Administrator may be a single individual or a member of a larger team. This role collaborates with many other roles in the organization to drive strategic identity projects to modernize identity solutions, to implement hybrid identity solutions, and to implement identity governance.
Part of the requirements for: Microsoft Certified: Identity and Access Administrator Associate
NEW QUESTION 36
You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.
Users connect to the internet by using a hardware firewall at your company. The users authenticate to the firewall by using their Active Directory credentials.
You plan to manage access to external applications by using Azure AD.
You need to use the firewall logs to create a list of unmanaged external applications and the users who access them.
What should you use to gather the information?
- A. enterprise applications in Azure AD
- B. access reviews in Azure AD
- C. Application Insights in Azure Monitor
- D. Cloud App Discovery in Microsoft Cloud App Security
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/create-snapshot-cloud-discovery-reports#using-traffic-logs-
NEW QUESTION 37
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
You plan to implement Azure AD Identity Protection.
Which users can configure the user risk policy, and which users can view the risky users report? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
NEW QUESTION 38
You need to implement on-premises application and SharePoint Online restrictions to meet the authentication requirements and the access requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 39
You have a Microsoft 365 E5 tenant.
You purchase a cloud app named App1.
You need to enable real-time session-level monitoring of App1 by using Microsoft Cloud app Security.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
1 - Publish App 1 in Azure Active Directory (Azure AD)
2 - From Microsoft Cloud App Security, modify the Connected apps settings for App 1.
3 - From Microsoft Cloud App Security, create a session policy.
4 - Create a conditional access policy thet has session controls configured.
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/proxy-deployment-any-app
https://docs.microsoft.com/en-us/cloud-app-security/session-policy-aad
NEW QUESTION 40
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
You have 100 IT administrators who are organized into 10 departments.
You create the access review shown in the exhibit. (Click the Exhibit tab.)
You discover that all access review requests are received by Megan Bowen.
You need to ensure that the manager of each department receives the access reviews of their respective department.
Solution: You modify the properties of the IT administrator user accounts.
Does this meet the goal?
- A. No
- B. Yes
Answer: B
Explanation:
Reference:
D18912E1457D5D1DDCBD40AB3BF70D5D
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
NEW QUESTION 41
You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.
Which objects can you add as eligible in Azure Privileged identity Management (PIM) for an Azure AD role?
- A. User1 only
- B. User1. Guest1, and Identity
- C. User1 and Guest1 only
- D. User1 and Identity1 only
Answer: A
NEW QUESTION 42
You have a Microsoft 365 tenant.
Sometimes, users use external, third-party applications that require limited access to the Microsoft 365 data of the respective user. The users register the applications in Azure Active Directory (Azure AD).
You need to receive an alert if a registered application gains read and write access to the users' email.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/app-permission-policy
NEW QUESTION 43
You have an Azure Active Directory (Azure AD) tenant that contains a user named SecAdmin1. SecAdmin1 is assigned the Security administrator role.
SecAdmin1 reports that she cannot reset passwords from the Azure AD Identity Protection portal.
You need to ensure that SecAdmin1 can manage passwords and invalidate sessions on behalf of nonadministrative users. The solution must use the principle of least privilege.
Which role should you assign to SecAdmin1?
- A. Security operator
- B. Privileged authentication administrator
- C. Authentication administrator
- D. Helpdesk administrator
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
NEW QUESTION 44
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not initiate.
Solution: From the Azure portal, you configure the Notifications settings for multi-factor authentication (MFA).
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
You need to configure the fraud alert settings.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
NEW QUESTION 45
Your company has an Azure Active Directory (Azure AD) tenant named contosri.com. The company has the business partners shown in the following table.
users can request access by using package 1.
Users at Fabrikam and Litware use ail then respective domain names for email addresses.
You plan to create an access package named packaqel that will be accessible only to the Fabrikam and Litware users.
You need to configure connected organizations for Fabrikam and litware so that any of their users can request access by using package1.
What is the minimum of connected organization that you should create.
- A. 0
- B. 1
- C. 2
- D. 3
Answer: B
NEW QUESTION 46
Your company has a Microsoft 365 tenant.
The company has a call center that contains 300 users. In the call center, the users share desktop computers and might use a different computer every day. The call center computers are NOT configured for biometric identification.
The users are prohibited from having a mobile phone in the call center.
You need to require multi-factor authentication (MFA) for the call center users when they access Microsoft 365 services.
What should you include in the solution?
- A. the Microsoft Authenticator app
- B. FIDO2 tokens
- C. Windows Hello for Business authentication
- D. a named network location
Answer: B
Explanation:
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless
NEW QUESTION 47
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure conditional access policies.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn Implement an authentication and access management solution Question Set 1
NEW QUESTION 48
You have an Azure Active Directory (Azure AD) tenant that contains an administrative unit named Department1.
Department1 has the users shown in the Users exhibit. (Click the Users tab.)
Department1 has the groups shown in the Groups exhibit. (Click the Groups tab.)
Department1 has the user administrator assignments shown in the Assignments exhibit. (Click the Assignments tab.)
The members of Group2 are shown in the Group2 exhibit. (Click the Group2 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/administrative-units
NEW QUESTION 49
You have an Azure Active Directory (Azure AD) tenant that contains a user named User1 and the groups shown in the following table.
In the tenant, you create the groups shown in the following table.
Which members can you add to GroupA and GroupB? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://bitsizedbytes.wordpress.com/2018/12/10/distribution-security-and-office-365-groups-nesting/
NEW QUESTION 50
You have a Microsoft 365 tenant.
All users have computers that run Windows 10. Most computers are company-owned and joined to Azure Active Directory (Azure AD). Some computers are user-owned and are only registered in Azure AD.
You need to prevent users who connect to Microsoft SharePoint Online on their user-owned computer from downloading or syncing files. Other users must NOT be restricted.
Which policy type should you create?
- A. an Azure AD conditional access policy that has session controls configured
- B. a Microsoft Cloud App Security app discovery policy that has governance actions configured
- C. a Microsoft Cloud App Security activity policy that has Microsoft Office 365 governance actions configured
- D. an Azure AD conditional access policy that has client apps conditions configured
Answer: A
Explanation:
Explanation/Reference:
https://docs.microsoft.com/en-us/cloud-app-security/proxy-intro-aad
NEW QUESTION 51
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
User1 is the owner of Group1.
You create an access review that has the following settings:
* Users to review: Members of a group
* Scope: Everyone
* Group: Group1
* Reviewers: Members (self)
Which users can perform access reviews for User3?
- A. User1, User2, and User3
- B. User1 only
- C. User1 and User2 only
- D. User3 only
Answer: D
Explanation:
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-start- security-review
NEW QUESTION 52
......
Ultimate Guide to Prepare Free SC-300 Exam Questions & Answer: https://drive.google.com/open?id=1af6ny6L0WpNJrTNrx-egwgtfST2ec_wq
Pass Microsoft Certified: Identity and Access Administrator Associate SC-300 Exam With 112 Questions: https://www.actualtestsit.com/Microsoft/SC-300-exam-prep-dumps.html