[UPDATED 2025] Free Microsoft SC-300 Exam Questions Self-Assess Preparation
SC-300 Free Sample Questions to Practice One Year Update
NEW QUESTION # 129
You need to implement password restrictions to meet the authentication requirements.
You install the Azure AD password Protection DC agent on DC1.
What should you do next? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Server1
On DC1
NEW QUESTION # 130
You have a Microsoft 365 tenant.
You need to identify users who have leaked credentials. The solution must meet the following requirements.
* Identity sign-Ins by users who ate suspected of having leaked credentials.
* Rag the sign-ins as a high risk event.
* Immediately enforce a control to mitigate the risk, while still allowing the user to access applications.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Graphical user interface, text, application, email Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks
NEW QUESTION # 131
You have an Azure Active Directory (Azure AD) tenant that has Security defaults disabled.
You are creating a conditional access policy as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa
NEW QUESTION # 132
You have an Azure subscription.
You are evaluating enterprise software as a service (SaaS) apps.
You need to ensure that the apps support automatic provisioning of Microsoft Entra users.
Which specification should the apps support?
- A. WS-Fed
- B. SCIM 2.0
- C. OAuth 2.0
- D. LDAP3
Answer: B
NEW QUESTION # 133
You have an on-premises Microsoft Exchange organization that uses an SMTP address space of contoso.com.
You discover that users use their email address for self-service sign-up to Microsoft 365 services.
You need to gain global administrator privileges to the Azure Active Directory (Azure AD) tenant that contains the self-signed users.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
1 - Creat a self-signed user accont in the Azure AD tenant
2 - Sign in to the Microsoft 365admin center
3 - Respond to the Become the admin message
4 - Create a TXT record in the contose.com DNS zone
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/domains-admin-takeover
NEW QUESTION # 134
You have a Microsoft 365 subscription that contains the users shown in the following table.
From the tenan1, you configure a naming policy for groups.
Which users are affected by the naming policy?
- A. User1, User2, and User3 only
- B. User2 and User3 only
- C. User1, User2, User3, and User4
- D. User3 and User4 only
- E. User2 only
- F. User3only
Answer: D
NEW QUESTION # 135
You have an on-premises Microsoft Exchange organization that uses an SMTP address space of contoso.com.
You discover that users use their email address for self-service sign-up to Microsoft 365 services.
You need to gain global administrator privileges to the Azure Active Directory (Azure AD) tenant that contains the self-signed users.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/domains-admin-takeover
NEW QUESTION # 136
You need to implement on-premises application and SharePoint Online restrictions to meet the authentication requirements and the access requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 137
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the users shown in the following table.
The users have the devices shown in the following table.
You create the following two Conditional Access policies:
* Name: CAPolicy1
* Assignments
o Users or workload identities: Group 1
o Cloud apps or actions: Office 365 SharePoint Online
o Conditions
Filter for devices: Exclude filtered devices from the policy
Rule syntax: device.displayName -starts With "Device*"
o Access controls
Grant: Block access
Session: 0 controls selected
o Enable policy: On
* Name: CAPolicy2
* Assignments
o Users or workload identities: Group2
o Cloud apps or actions: Office 365 SharePoint Online
o Conditions: 0 conditions selected
* Access controls
o Grant: Grant access
Require multifactor authentication
o Session:
0 controls selected
* Enable policy: On
All users confirm that they can successfully authenticate using MFA.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
A screenshot of a computer Description automatically generated
NEW QUESTION # 138
You need to meet the authentication requirements for leaked credentials.
What should you do?
- A. Configure an authentication method policy in Azure AD.
- B. Enable password hash synchronization in Azure AD Connect.
- C. Configure Azure AD Password Protection.
- D. Enable federation with PingFederate in Azure AD Connect.
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity
Topic 2, Contoso, Ltd
Existing Environment
The on-premises network of Contoso contains an Active Directory domain named contos.com. The domain contains an organizational unit (OU) named Contoso_Resources. The Contoso_Resoureces OU contains all users and computers.
The Contoso.com Active Directory domain contains the users shown in the following table.
Microsoft 365/Azure Environment
Contoso has an Azure AD tenant named Contoso.com that has the following associated licenses:
Microsoft Office 365 Enterprise E5
Enterprise Mobility + Security
Windows 10 Enterprise E5
Project Plan 3
Azure AD Connect is configured between azure AD and Active Directory Domain Serverless (AD DS). Only the Contoso Resources OU is synced.
Helpdesk administrators routinely use the Microsoft 365 admin center to manage user settings.
User administrators currently use the Microsoft 365 admin center to manually assign licenses, All user have all licenses assigned besides following exception:
The users in the London office have the Microsoft 365 admin center to manually assign licenses. All user have licenses assigned besides the following exceptions:
The users in the London office have the Microsoft 365 Phone System License unassigned.
The users in the Seattle office have the Yammer Enterprise License unassigned.
Security defaults are disabled for Contoso.com.
Contoso uses Azure AD Privileged identity Management (PIM) to project administrator roles.
Problem Statements
Contoso identifies the following issues:
* Currently, all the helpdesk administrators can manage user licenses throughout the entire Microsoft 365 tenant.
* The user administrators report that it is tedious to manually configure the different license requirements for each Contoso office.
* The helpdesk administrators spend too much time provisioning internal and guest access to the required Microsoft 365 services and apps.
* Currently, the helpdesk administrators can perform tasks by using the: User administrator role without justification or approval.
* When the Logs node is selected in Azure AD, an error message appears stating that Log Analytics integration is not enabled.
Planned Changes
Contoso plans to implement the following changes.
Implement self-service password reset (SSPR). Analyze Azure audit activity logs by using Azure Monitor-Simplify license allocation for new users added to the tenant. Collaborate with the users at Fabrikam on a joint marketing campaign. Configure the User administrator role to require justification and approval to activate.
Implement a custom line-of-business Azure web app named App1. App1 will be accessible from the internet and authenticated by using Azure AD accounts.
For new users in the marketing department, implement an automated approval workflow to provide access to a Microsoft SharePoint Online site, group, and app.
Contoso plans to acquire a company named Corporation. One hundred new A Datum users will be created in an Active Directory OU named Adatum. The users will be located in London and Seattle.
Technical Requirements
Contoso identifies the following technical requirements:
* AH users must be synced from AD DS to the contoso.com Azure AD tenant.
* App1 must have a redirect URI pointed to https://contoso.com/auth-response.
* License allocation for new users must be assigned automatically based on the location of the user.
* Fabrikam users must have access to the marketing department's SharePoint site for a maximum of 90 days.
* Administrative actions performed in Azure AD must be audited. Audit logs must be retained for one year.
* The helpdesk administrators must be able to manage licenses for only the users in their respective office.
* Users must be forced to change their password if there is a probability that the users' identity was compromised.
NEW QUESTION # 139
You are looking to improve your organizations security posture after hearing about breaches and hacks of other organizations on the news. You have been looking into Azure Identity Protection and you are commissioning a team to begin implementing this service. This team will need full access to Identity Protection but would not need to reset passwords. You should follow the principle of least privilege. What role should you grant this new team?
- A. Security Administrator
- B. HelpDesk Administrator
- C. Global Administrator
- D. Security Operator
Answer: A
NEW QUESTION # 140
Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com by using Azure AD Connect.
Attire AD Connect is installed on a server named Server 1.
You deploy a new server named Server? that runs Windows Server 2019.
You need to implement a failover server for Azure AD Connect. The solution must minimize how long it takes to fail over if Server1 fails.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
NEW QUESTION # 141
You need to meet the planned changes for the User administrator role.
What should you do?
- A. Modify Active Assignments.
- B. Create an administrator unit.
- C. Modify Role settings
- D. Create an access review.
Answer: C
Explanation:
Role Setting details is where you need to be: Role setting details - User Administrator Privileged Identity Management | Azure AD roles Default Setting State Require justification on activation Yes Require ticket information on activation No On activation, require Azure MFA Yes Require approval to activate No Approvers None
NEW QUESTION # 142
You have an Azure Active Directory (Azure AD) tenant that has the default App registrations settings. The tenant contains the users shown in the following table.
You purchase two cloud apps named App1 and App2. The global administrator registers App1 in Azure AD.
You need to identify who can assign users to App1, and who can register App2 in Azure AD.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-assign-users
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added
NEW QUESTION # 143
Hotspot Question
You have a Microsoft Entra tenant that contains the users shown in the following table.
You add the following assignment for the User Administrator role:
- Scope type: Directory
- Selected members: Group1
- Assignment type: Active
- Assignments starts: August 15, 2022
- Assignment ends: December 15, 2022
You add the following assignment for the Exchange Administrator role:
- Scope type: Directory
- Selected members: Group2
- Assignment type: Eligible
- Assignments starts: October 15, 2022
- Assignment ends: January 15, 2023
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 144
You need to meet the technical requirements for the probability that user identifies were compromised.
What should the users do first, and what should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 145
You have a Microsoft 365 E5 subscription that contains a web app named App1.
Guest users are regularly granted access to App1.
You need to ensure that the guest users that have NOT accessed App1 during the past 30 days have their access removed the solution must minimize administrative effort.
What should you configure?
- A. a compliance policy
- B. a Conditional Access policy
- C. an access review for application access
- D. a guest access review
Answer: D
NEW QUESTION # 146
SIMULATION
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:[email protected]
Microsoft 365 Password: =1122334455667788
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 99999999
You need to prevent all users from using passwords that are variations of the word Falcon.
To complete this task, sign in to the appropriate admin center.
Answer:
Explanation:
NEW QUESTION # 147
You need to meet the technical requirements for the probability that user identifies were compromised.
What should the users do first, and what should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 148
You have an Azure Active Directory (Azure AD) tenant that contains the following group:
Name: Group1
Members: User1, User2
Owner: User3
On January 15, 2021, you create an access review as shown in the exhibit. (Click the Exhibit tab.)
Users answer the Review1 question as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
A screenshot of a computer Description automatically generated with low confidence
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/review-your-access
NEW QUESTION # 149
You have an Azure Active Directory (Azure AD) tenant.
You need to review the Azure AD sign-ins log to investigate sign ins that occurred in the past.
For how long does Azure AD store events in the sign-in log?
- A. 14 days
- B. 90 days
- C. 30 days
- D. 365 days
Answer: C
Explanation:
Topic 1, Contoso, Ltd
Overview
Contoso, Ltd is a consulting company that has a main office in Montreal offices in London and Seattle.
Contoso has a partnership with a company named Fabrikam, Inc Fabcricam has an Azure Active Diretory (Azure AD) tenant named fabrikam.com.
Existing Environment
The on-premises network of Contoso contains an Active Directory domain named contos.com. The domain contains an organizational unit (OU) named Contoso_Resources. The Contoso_Resoureces OU contains all users and computers.
The Contoso.com Active Directory domain contains the users shown in the following table.
Microsoft 365/Azure Environment
Contoso has an Azure AD tenant named Contoso.com that has the following associated licenses:
* Microsoft Office 365 Enterprise E5
* Enterprise Mobility + Security
* Windows 10 Enterprise E5
* Project Plan 3
Azure AD Connect is configured between azure AD and Active Directory Domain Serverless (AD DS). Only the Contoso Resources OU is synced.
Helpdesk administrators routinely use the Microsoft 365 admin center to manage user settings.
User administrators currently use the Microsoft 365 admin center to manually assign licenses, All user have all licenses assigned besides following exception:
The users in the London office have the Microsoft 365 admin center to manually assign licenses. All user have licenses assigned besides the following exceptions:
* The users in the London office have the Microsoft 365 Phone System License unassigned.
* The users in the Seattle office have the Yammer Enterprise License unassigned.
Security defaults are disabled for Contoso.com.
Contoso uses Azure AD Privileged identity Management (PIM) to project administrator roles.
Problem Statements
Contoso identifies the following issues:
* Currently, all the helpdesk administrators can manage user licenses throughout the entire Microsoft 365 tenant.
* The user administrators report that it is tedious to manually configure the different license requirements for each Contoso office.
* The helpdesk administrators spend too much time provisioning internal and guest access to the required Microsoft 365 services and apps.
* Currently, the helpdesk administrators can perform tasks by using the: User administrator role without justification or approval.
* When the Logs node is selected in Azure AD, an error message appears stating that Log Analytics integration is not enabled.
Planned Changes
Contoso plans to implement the following changes.
Implement self-service password reset (SSPR). Analyze Azure audit activity logs by using Azure Monitor-Simplify license allocation for new users added to the tenant. Collaborate with the users at Fabrikam on a joint marketing campaign. Configure the User administrator role to require justification and approval to activate.
Implement a custom line-of-business Azure web app named App1. App1 will be accessible from the internet and authenticated by using Azure AD accounts.
For new users in the marketing department, implement an automated approval workflow to provide access to a Microsoft SharePoint Online site, group, and app.
Contoso plans to acquire a company named Corporation. One hundred new A Datum users will be created in an Active Directory OU named Adatum. The users will be located in London and Seattle.
Technical Requirements
Contoso identifies the following technical requirements:
* AH users must be synced from AD DS to the contoso.com Azure AD tenant.
* App1 must have a redirect URI pointed to https://contoso.com/auth-response.
* License allocation for new users must be assigned automatically based on the location of the user.
* Fabrikam users must have access to the marketing department's SharePoint site for a maximum of 90 days.
* Administrative actions performed in Azure AD must be audited. Audit logs must be retained for one year.
* The helpdesk administrators must be able to manage licenses for only the users in their respective office.
* Users must be forced to change their password if there is a probability that the users' identity was compromised.
NEW QUESTION # 150
You have a Microsoft 365 E5 subscription that contains three users named User1, User2, and User3 and a Microsoft SharePoint Online site named Site1.
The subscription contains the devices shown in the following table.
The users sign in to the devices as shown in the following table.
You have a Conditional Access policy that has the following settings:
- Name: CA1
- Assignments
o Users and groups: User1, User2, User3
o Cloud apps or actions: SharePoint - Site1
- Access controls
o Session: Use app enforced restrictions
From the SharePoint admin center, you configure Access control for unmanaged devices to allow limited, web-only access.
Which users will have full access to Site1?
- A. User1 and User2 only
- B. User1 only
- C. User1, User2, and User3
- D. User2 only
- E. User3only
Answer: B
Explanation:
https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-managed- unmanaged-devices?view=o365-worldwide&tabs=Managed
NEW QUESTION # 151
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
Yon receive more than 100 email alerts each day for tailed Azure Al) user sign-in attempts.
You need to ensure that a new security administrator receives the alerts instead of you.
Solution: From Azure AD, you create an assignment for the Insights at administrator role.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
NEW QUESTION # 152
Task 2
You need to implement a process to review guest users who have access to the Salesforce app. The review must meet the following requirements:
* The reviews must occur monthly.
* The manager of each guest user must review the access.
* If the reviews are NOT completed within five days, access must be removed.
* If the guest user does not have a manager, Megan Bowen must review the access.
Answer:
Explanation:
See the Explanation below for complete Solution.
Explanation:
To implement a process for reviewing guest users' access to the Salesforce app with the specified requirements, you can follow these steps:
* Set Up Access Reviews in Microsoft Entra ID Governance:
* Ensure you have the necessary permissions, such as Global Administrator or User Administrator.
* Navigate to Identity Governance in the Microsoft Entra portal.
* Go to Access Reviews and create a new review.
* Configure the Review Settings:
* Set the review to occur monthly.
* Choose the Salesforce app to be reviewed.
* Assign the review to the managers of each guest user.
* Automate the Review Completion Check:
* Use Microsoft Entra's automation capabilities to track the completion of reviews.
* Set up an alert or a trigger to check if a review is not completed within five days.
* Automate Access Removal:
* If a review is not completed in time, configure an automatic process to remove access for the guest user.
* Handle Cases Without Managers:
* For guest users without a manager, assign Megan Bowen as the reviewer.
* This can be done by creating a dynamic group for users without managers and setting Megan Bowen as the default reviewer for this group.
* Monitor and Audit:
* Regularly monitor the access review process.
* Ensure that the reviews are being completed and that access is appropriately managed.
By setting up these steps, you will have a monthly review process for guest users' access to the Salesforce app, with automatic removal of access if reviews are not completed within five days, and Megan Bowen assigned as the reviewer for guests without a manager
NEW QUESTION # 153
......
Real exam questions are provided for Microsoft Certified: Identity and Access Administrator Associate tests, which can make sure you 100% pass: https://www.prepawayexam.com/Microsoft/braindumps.SC-300.ete.file.html
Download SC-300 exam with Microsoft SC-300 Real Exam Questions: https://drive.google.com/open?id=1fJ8PRWXiE4obUXUNDaWS2s_PACUf1xZB