Microsoft SC-300 practice test

Microsoft Identity and Access Administrator

Last exam update: Dec 14, 2024

Question 1

HOTSPOT Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant.
The tenant contains the groups shown in the following table.

The tenant contains the users shown in the following table.

You create an access review as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:


Box 1: No -
User1 is a member of Group1. Group1 is in the cloud. Group1 is a member of Group3. Group3 is in the cloud.
The access review applies to Group3, but not to Group1. The access review is set up to remove access if reviewers don't respond.

Box 2: Yes -
User2 is a member of Group2. Group1 is in an Active Directory domain.
The access review applies to Group2.

Box 3: No -
User3 is a member of Group3, not of Group2.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

Discussions
Olami
3 months, 1 week ago

But the question says User 2 will be automatically removed from Group 3. User 2 is a member of Group 2, which is in the Active Directory, but Group 3 is directory synced and does not have User2 as a member. I feel the answer should be NO here as well.



Question 2

You have an Azure AD tenant that contains two users named User1 and User2.

You plan to perform the following actions:

Create a group named Group1.
Add User1 and User2 to Group1.
Assign Azure AD roles to Group1.

You need to create Group1.

Which two settings can you use? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

  • A. Group type: Microsoft 365 - Membership type: Assigned
  • B. Group type: Security - Membership type: Assigned
  • C. Group type: Security - Membership type: Dynamic User
  • D. Group type: Microsoft 365 - Membership type: Dynamic User
  • E. Group type: Security - Membership type: Dynamic Device
Answer:

ab

User Votes: A 2 votes, B 3 votes, C 2 votes, D 1 vote

Question 3

You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.

From the Groups blade in the Azure Active Directory admin center, you assign Microsoft Office 365 Enterprise E5 licenses to a group that includes all users.

You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.

What should you use?

  • A. the Groups blade in the Azure Active Directory admin center
  • B. the Set-AzureADGroup cmdlet
  • C. the Identity Governance blade in the Azure Active Directory admin center
  • D. the Set-MsolUserLicense cmdlet
Answer:

d

User Votes: A 1 vote, B 1 vote, D 2 votes

Question 4

You have an Azure Active Directory (Azure AD) tenant that contains the following objects:
A device named Device1
Users named User1, User2, User3, User4, and User5
Groups named Group1, Group2, Group3, Group4, and Group5
The groups are configured as shown in the following table.

To which groups can you assign a Microsoft Office 365 Enterprise E5 license directly?

  • A. Group1 and Group4 only
  • B. Group1, Group2, Group3, Group4, and Group5
  • C. Group1 and Group2 only
  • D. Group1 only
  • E. Group1, Group2, Group4, and Group5 only
Answer:

c


Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-group-advanced

User Votes: A 2 votes, E 1 vote
Discussions
Olami
3 months, 1 week ago

My answer is A because the assignment type is Assigned and only Group 1 and 4 can take up license assignments


Question 5

You have an Azure subscription that contains a user named User1.

The App registration settings for the Azure AD tenant are configured as shown in the following exhibit.



User1 builds an ASP.NET web app named App1.

You need to ensure that User1 can register App1. The solution must use the principle of least privilege.

Which role should you assign to User1?

  • A. Application Developer
  • B. Cloud App Security Administrator
  • C. Cloud Application Administrator
  • D. Application Administrator
Answer:

a

User Votes: A 2 votes

Question 6

You have a Microsoft 365 tenant that uses the domain named fabrikam.com. The Guest invite settings for Azure Active Directory (Azure AD) are configured as shown in the exhibit. (Click the Exhibit tab.)

A user named [email protected] shares a Microsoft SharePoint Online document library to the users shown in the following table.

Which users will be emailed a passcode?

  • A. User2 only
  • B. User1 only
  • C. User1 and User2 only
  • D. User1, User2, and User3
Answer:

a


Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode


Question 7

You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.
From the Groups blade in the Azure Active Directory admin center, you assign Microsoft 365 Enterprise E5 licenses to the users.
You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.
What should you use?

  • A. the Administrative units blade in the Azure Active Directory admin center
  • B. the Set-AzureAdUser cmdlet
  • C. the Groups blade in the Azure Active Directory admin center
  • D. the Set-MsolUserLicense cmdlet
Answer:

d


The Set-MsolUserLicense cmdlet updates the license assignment for a user. This can include adding a new license, removing a license, updating the license options, or any combination of these actions.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1. the Licenses blade in the Azure Active Directory admin center
2. the Set-MsolUserLicense cmdlet
Other incorrect answer options you may see on the exam include the following:
the Identity Governance blade in the Azure Active Directory admin center
the Set-WindowsProductKey cmdlet
the Set-AzureAdGroup cmdlet
Reference:
https://docs.microsoft.com/en-us/powershell/module/msonline/set-msoluserlicense?view=azureadps-1.0


Question 8

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not initiate.
Solution: From the Azure portal, you configure the Block/unblock users settings for multi-factor authentication (MFA).
Does this meet the goal?

  • A. Yes
  • B. No
Answer:

b


You need to configure the fraud alert settings.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

User Votes: A 1 vote

Question 9

Your company purchases a new Microsoft 365 E5 subscription and an app named App1.

You need to create a Microsoft Defender for Cloud Apps access policy for App1.

What should you do first?

  • A. Configure a Conditional Access policy to use app-enforced restrictions.
  • B. Configure a Token configuration for App1.
  • C. Add an API permission for App1.
  • D. Configure a Conditional Access policy to use Conditional Access App Control.
Answer:

d


Question 10

You have a Microsoft Exchange organization that uses an SMTP address space of contoso.com.

Several users use their contoso.com email address for self-service sign-up to Azure AD.

You gain global administrator privileges to the Azure AD tenant that contains the self-signed users.

You need to prevent the users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services.

Which PowerShell cmdlet should you run?

  • A. Update-MgOrganization
  • B. Update-MgPolicyPermissionGrantPolicyExclude
  • C. Update-MgDomain
  • D. Update-MgDomainFederationConfiguration
Answer:

a
