Microsoft SC-300 Microsoft Identity and Access Administrator Online Training
Microsoft SC-300 Online Training
The questions for SC-300 were last updated at Dec 22,2024.
- Exam Code: SC-300
- Exam Name: Microsoft Identity and Access Administrator
- Certification Provider: Microsoft
- Latest update: Dec 22,2024
You have an Azure Active Directory (Azure AD) tenant.
You open the risk detections report.
Which risk detection type is classified as a user risk?
- A . impossible travel
- B . anonymous IP address
- C . atypical travel
- D . leaked credentials
You have a Microsoft 365 tenant.
All users have computers that run Windows 10. Most computers are company-owned and joined to Azure Active Directory (Azure AD). Some computers are user-owned and are only registered in Azure AD.
You need to prevent users who connect to Microsoft SharePoint Online on their user-owned computer from downloading or syncing files. Other users must NOT be restricted.
Which policy type should you create?
- A . a Microsoft Cloud App Security activity policy that has Microsoft Office 365 governance actions configured
- B . an Azure AD conditional access policy that has session controls configured
- C . an Azure AD conditional access policy that has client apps conditions configured
- D . a Microsoft Cloud App Security app discovery policy that has governance actions configured
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory domain.
The on-premises network contains a VPN server that authenticates to the on-premises Active Directory domain. The VPN server does NOT support Azure Multi-Factor Authentication (MFA).
You need to recommend a solution to provide Azure MFA for VPN connections.
What should you include in the recommendation?
- A . Azure AD Application Proxy
- B . an Azure AD Password Protection proxy
- C . Network Policy Server (NPS)
- D . a pass-through authentication proxy
You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.
The domain contains the servers shown in the following table.
The domain controllers are prevented from communicating to the internet.
You implement Azure AD Password Protection on Server1 and Server2.
You deploy a new server named Server4 that runs Windows Server 2019.
You need to ensure that Azure AD Password Protection will continue to work if a single server fails.
What should you implement on Server4?
- A . Azure AD Connect
- B . Azure AD Application Proxy
- C . Password Change Notification Service (PCNS)
- D . the Azure AD Password Protection proxy service
HOTSPOT
You have a Microsoft 365 tenant.
Sometimes, users use external, third-party applications that require limited access to the Microsoft 365 data of the respective user. The users register the applications in Azure Active Directory (Azure AD).
You need to receive an alert if a registered application gains read and write access to the users’ email.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.
Users connect to the internet by using a hardware firewall at your company. The users authenticate to the firewall by using their Active Directory credentials.
You plan to manage access to external applications by using Azure AD.
You need to use the firewall logs to create a list of unmanaged external applications and the users who access them.
What should you use to gather the information?
- A . Application Insights in Azure Monitor
- B . access reviews in Azure AD
- C . Cloud App Discovery in Microsoft Cloud App Security
- D . enterprise applications in Azure AD
HOTSPOT
You have an on-premises datacenter that contains the hosts shown in the following table.
You have an Azure Active Directory (Azure AD) tenant that syncs to the Active Directory forest. Multi-factor authentication (MFA) is enforced for Azure AD.
You need to ensure that you can publish App1 to Azure AD users.
What should you configure on Server and Firewall1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that has the default App registrations settings.
The tenant contains the users shown in the following table.
You purchase two cloud apps named App1 and App2. The global administrator registers App1 in Azure AD.
You need to identify who can assign users to App1, and who can register App2 in Azure AD.
What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain. You plan to create an emergency-access administrative account named Emergency1. Emergency1
will be assigned the Global administrator role in Azure AD. Emergency1 will be used in the event of Azure AD functionality failures and on-premises infrastructure failures.
You need to reduce the likelihood that Emergency1 will be prevented from signing in during an emergency.
What should you do?
- A . Configure Azure Monitor to generate an alert if Emergency1 is modified or signs in.
- B . Require Azure AD Privileged Identity Management (PIM) activation of the Global administrator role for
Emergency1. - C . Configure a conditional access policy to restrict sign-in locations for Emergency1 to only the corporate
network. - D . Configure a conditional access policy to require multi-factor authentication (MFA) for Emergency1.
You have a Microsoft 365 tenant.
In Azure Active Directory (Azure AD), you configure the terms of use.
You need to ensure that only users who accept the terms of use can access the resources in the tenant. Other users must be denied access.
What should you configure?
- A . an access policy in Microsoft Cloud App Security.
- B . Terms and conditions in Microsoft Endpoint Manager.
- C . a conditional access policy in Azure AD
- D . a compliance policy in Microsoft Endpoint Manager