Microsoft SC-300 Microsoft Identity and Access Administrator Online Training
Microsoft SC-300 Online Training
The questions for SC-300 were last updated at Dec 20,2024.
- Exam Code: SC-300
- Exam Name: Microsoft Identity and Access Administrator
- Certification Provider: Microsoft
- Latest update: Dec 20,2024
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest. The tenant-uses through authentication.
A corporate security policy states the following:
✑ Domain controllers must never communicate directly to the internet.
✑ Only required software must be- installed on servers.
The Active Directory domain contains the on-premises servers shown in the following table.
You need to ensure that users can authenticate to Azure AD if a server fails.
On which server should you install an additional pass-through authentication agent?
- A . Server2
- B . Server4
- C . Server1
- D . Server3
HOTSPOT
You have a Microsoft 36S tenant.
You create a named location named HighRiskCountries that contains a list of high-risk countries.
You need to limit the amount of time a user can stay authenticated when connecting from a high-risk country.
What should you configure in a conditional access policy? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure Active Directory (Azure AD) tenant.
You configure self-service password reset (SSPR) by using the following settings:
• Require users to register when signing in: Yes
• Number of methods required to reset: 1
What is a valid authentication method available to users?
- A . home prions
- B . mobile app notification
- C . a mobile app code
- D . an email to an address in your organization
You have a Microsoft 365 tenant.
You currently allow email clients that use Basic authentication to conned to Microsoft Exchange Online.
You need to ensure that users can connect t to Exchange only run email clients that use Modern authentication protocols.
What should you implement?
You need to ensure that use Modern authentication
- A . a compliance policy in Microsoft Endpoint Manager
- B . a conditional access policy in Azure Active Directory (Azure AD)
- C . an application control profile in Microsoft Endpoint Manager
- D . an OAuth policy in Microsoft Cloud App Security
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that has multi-factor authentication (MFA) enabled.
The account lockout settings are configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
HOTSPOT
You have a Microsoft 365 tenant.
You need to identify users who have leaked credentials.
The solution must meet the following requirements.
• Identity sign-Ins by users who ate suspected of having leaked credentials.
• Rag the sign-ins as a high risk event.
• Immediately enforce a control to mitigate the risk, while still allowing the user to access applications.
What should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You create the Azure Active Directory (Azure AD) users shown in the following table.
On February 1, 2021, you configure the multi-factor authentication (MFA) settings as shown in the following exhibit.
The users authentication to Azure AD on their devices as shown in the following table.
On February 26, 2021, what will the multi-factor auth status be for each user?
A)
B)
C)
D)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
Your company has two divisions named Contoso East and Contoso West.
The Microsoft 365 identity architecture tor both divisions is shown in the following exhibit.
You need to assign users from the Contoso East division access to Microsoft SharePoint Online sites in the Contoso West tenant. The solution must not require additional Microsoft 3G5 licenses.
What should you do?
- A . Configure the exiting Azure AD Connect server in Contoso Cast to sync the Contoso East Active Directory forest to the Contoso West tenant.
- B . Configure Azure AD Application Proxy in the Contoso West tenant.
- C . Deploy a second Azure AD Connect server to Contoso East and configure the server to sync the Contoso East Active Directory forest to the Contoso West tenant.
- D . Invite the Contoso East users as guests in the Contoso West tenant.
Your network contains an on-premises Active Directory domain that sync to an Azure Active Directory (Azure AD) tenant.
The tenant contains the shown in the following table.
All the users work remotely.
Azure AD Connect is configured in Azure as shown in the following exhibit.
Connectivity from the on-premises domain to the internet is lost.
Which user can sign in to Azure AD?
- A . User1 only
- B . User1 and User 3 only
- C . User1, and User2 only
- D . User1, User2, and User3
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to ensure that Azure AD External Identities pricing is based on monthly active users (MAU).
What should you configure?
- A . an access review
- B . the terms or use
- C . a linked subscription
- D . a user flow