[May 02, 2024] SC-300 Free Exam Questions with Quality Guaranteed
SC-300 Free Exam Files Downloaded Instantly
The SC-300 certification exam is a challenging test that requires a significant amount of preparation and study. However, earning this certification can help you advance your career and demonstrate your expertise in the field of identity and access management. It can also improve your job prospects and increase your earning potential.
Exam SC-300: Microsoft Identity and Access Administrator
The Microsoft Identity and Access Administrator designs, implements, and operates an organization’s identity and access management systems by using Azure Active Directory (Azure AD). They manage tasks such as providing secure authentication and authorization access to enterprise applications. The administrator provides seamless experiences and self-service management capabilities for all users. Adaptive access and governance are core elements to the role. This role is also responsible for troubleshooting, monitoring, and reporting for the identity and access environment.
The Identity and Access Administrator may be a single individual or a member of a larger team. This role collaborates with many other roles in the organization to drive strategic identity projects to modernize identity solutions, to implement hybrid identity solutions, and to implement identity governance.
Part of the requirements for: Microsoft Certified: Identity and Access Administrator Associate
NEW QUESTION # 112
You have a Microsoft 365 tenant that has 5,000 users. One hundred of the users are executives. The executives have a dedicated support team.
You need to ensure that the support team can reset passwords and manage multi-factor authentication (MFA) settings for only the executives. The solution must use the principle of least privilege.
Which object type and Azure Active Directory (Azure AD) role should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 113
Your company has two divisions named Contoso East and Contoso West. The Microsoft 365 identity architecture tor both divisions is shown in the following exhibit.
You need to assign users from the Contoso East division access to Microsoft SharePoint Online sites in the Contoso West tenant. The solution must not require additional Microsoft 3G5 licenses.
What should you do?
- A. Configure Azure AD Application Proxy in the Contoso West tenant.
- B. Configure The exiting Azure AD Connect server in Contoso Cast to sync the Contoso East Active Directory forest to the Contoso West tenant.
- C. Create guest accounts for all the Contoso East users in the West tenant.
- D. Deploy a second Azure AD Connect server to Contoso East and configure the server to sync the Contoso East Active Directory forest to the Contoso West tenant.
Answer: C
NEW QUESTION # 114
You create the Azure Active Directory (Azure AD) users shown in the following table.
On February 1, 2021, you configure the multi-factor authentication (MFA) settings as shown in the following exhibit.
The users authentication to Azure AD on their devices as shown in the following table.
On February 26, 2021, what will the multi-factor auth status be for each user?
A)
B)
C)
D)
- A. Option A
- B. Option D
- C. Option B
- D. Option C
Answer: C
NEW QUESTION # 115
You need to implement the planned changes and technical requirements for the marketing department.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-organization
NEW QUESTION # 116
You have an Azure Active Directory (Azure AD) tenant that contains the following group:
Name: Group1
Members: User1, User2
Owner: User3
On January 15, 2021, you create an access review as shown in the exhibit. (Click the Exhibit tab.)
Users answer the Review1 question as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/review-your-access
NEW QUESTION # 117
You have a Microsoft 365 tenant.
Sometimes, users use external, third-party applications that require limited access to the Microsoft 365 data of the respective user. The users register the applications in Azure Active Directory (Azure AD).
You need to receive an alert if a registered application gains read and write access to the users' email.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/app-permission-policy
NEW QUESTION # 118
You have an Azure subscription that contains the resources shown in the following table.
You need to configure access to Vault1. The solution must meet the following requirements:
* Ensure that User1 can manage and create keys in Vault1.
* Ensure that User2 can access a certificate stored in Vault1.
* Use the principle of least privilege.
Which role should you assign to each user? To answer select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 119
Your company has two divisions named Contoso East and Contoso West. The Microsoft 365 identity architecture tor both divisions is shown in the following exhibit.
You need to assign users from the Contoso East division access to Microsoft SharePoint Online sites in the Contoso West tenant. The solution must not require additional Microsoft 3G5 licenses.
What should you do?
- A. Configure Azure AD Application Proxy in the Contoso West tenant.
- B. Configure The exiting Azure AD Connect server in Contoso Cast to sync the Contoso East Active Directory forest to the Contoso West tenant.
- C. Create guest accounts for all the Contoso East users in the West tenant.
- D. Deploy a second Azure AD Connect server to Contoso East and configure the server to sync the Contoso East Active Directory forest to the Contoso West tenant.
Answer: C
NEW QUESTION # 120
You have an Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.
For which groups can you create an access review?
- A. Group1 and Group4 only
- B. Group1, Group2, Group4, and Group5 only
- C. Group1 and Group2 only
- D. Group1, Group2, Group3, Group4 and Group5
- E. Group1 only
Answer: B
Explanation:
You cannot create access reviews for device groups.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
NEW QUESTION # 121
You have an Azure subscription that contains a user named User1. You need to meet the following requirements:
* Prevent User1 from being added as an owner of newly registered apps.
* Ensure that User1 can manage the application proxy settings.
* Ensure that User2 can register apps.
* Use the principle of least privilege.
Which role should you assign to User1?
- A. Application administrator
- B. Cloud application administrator
- C. Application developer
- D. Service support administrator
Answer: B
NEW QUESTION # 122
Your network contains an on-premises Active Directory domain that syncs to an Azure AD tenant.
Users sign in to computers that run Windows 10 and are joined to the domain.
You plan to implement Azure AD Seamless Single Sign-On (Azure AD Seamless SSO).
You need to configure the Windows 10 computers to support Azure AD Seamless SSO.
What should you do?
- A. Configure Sign-in options from the Settings app.
- B. Install the Azure AD Connect Authentication Agent.
- C. Modify the Local intranet zone settings
- D. Enable Enterprise State Roaming.
Answer: A
NEW QUESTION # 123
You need to meet the technical requirements for license management by the helpdesk administrators.
What should you create first, and which tool should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 124
You have an Azure Active Directory (Azure AD) tenant that has an Azure Active Directory Premium Plan 2 license. The tenant contains the users shown in the following table.
You have the Device Settings shown in the following exhibit.
User1 has the devices shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal
NEW QUESTION # 125
You have an Azure Active Directory (Azure AD) tenant that contains Azure AD Privileged Identity Management (PIM) role settings for the User administrator role as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan
NEW QUESTION # 126
You need to meet the technical requirements for license management by the helpdesk administrators.
What should you create first, and which tool should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 127
You have an Azure AD tenant that contains the groups shown in the following table.
You create an access review for Group1 as shown in the following table.
You create an access review for Group2 as shown in the following table.
What is the minimum number of Azure AD Premium P2 licenses required for each group? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 128
You have an Azure Active Directory (Azure AD) tenant.
For the tenant. Users can register applications Is set to No.
A user named Admin1 must deploy a new cloud app named App1.
You need to ensure that Admin1 can register App1 in Azure AD. The solution must use the principle of least privilege.
Which role should you assign to Admin1?
- A. App Configuration Data Owner for Subscription!
- B. Cloud application administrator in Azure AD
- C. Managed Application Contributor for Subscription!
- D. Application developer in Azure AD
Answer: D
NEW QUESTION # 129
You have an Azure AD tenant that contains the users shown in the following table.
You have the locations shown in the following table.
The tenant contains a named location that Das the following configurations:
* Name: location1
* Mark as trusted location: Enabled
* IPv4 range: 10.10.0.0/16
MFA has a trusted iPad dress range of 193.17.17.0/24.
You have a Conditional Access policy that has the following settings:
* Name: CAPolicy1
* Assignments
o Users or workload identities: Group 1
o Cloud apps or actions: All cloud apps
* Conditions
* Locations All trusted locations
* Access controls
o Gant
* Grant access: Require multi-factor authentication
* Session: 0 controls selected
* Enable policy: On
For each of the following statements select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 130
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the users shown in the following table.
The users have the devices shown in the following table.
You create the following two Conditional Access policies:
* Name: CAPolicy1
* Assignments
o Users or workload identities: Group 1
o Cloud apps or actions: Office 365 SharePoint Online
o Conditions
Filter for devices: Exclude filtered devices from the policy
Rule syntax: device.displayName -starts With "Device*"
o Access controls
Grant: Block access
Session: 0 controls selected
o Enable policy: On
* Name: CAPolicy2
* Assignments
o Users or workload identities: Group2
o Cloud apps or actions: Office 365 SharePoint Online
o Conditions: 0 conditions selected
* Access controls
o Grant: Grant access
Require multifactor authentication
o Session:
0 controls selected
* Enable policy: On
All users confirm that they can successfully authenticate using MFA.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
A screenshot of a computer Description automatically generated
NEW QUESTION # 131
......
Q&As with Explanations Verified & Correct Answers: https://www.fast2test.com/SC-300-premium-file.html
Practice Exams and Training Solutions for Certifications: https://drive.google.com/open?id=1w79O_igVmTiOfBFBjn8mYz2Ml124DbdK