1. Home
  2. Microsoft
  3. SC-300

Microsoft Identity and Access Administrator

Exam Details

  • Exam Code
    :SC-300
  • Exam Name
    :Microsoft Identity and Access Administrator
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :305 Q&As
  • Last Updated
    :Mar 29, 2025

Microsoft Microsoft Certifications SC-300 Questions & Answers

  • Question 131:

    You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant. The tenant uses pass-through authentication. A corporate security policy states the following:

    1.

    Domain controllers must never communicate directly to the internet.

    2.

    Only required software must be installed on servers.

    The Active Directory domain contains the on-premises servers shown in the following table.

    You need to ensure that users can authenticate to Azure AD if a server fails.

    On which server should you install an additional pass-through authentication agent?

    A. Server4

    B. Server2

    C. Server1

    D. Server3

  • Question 132:

    You have an Azure Active Directory (Azure AD) tenant named contoso.com that has Azure AD Identity Protection policies enforced.

    You create an Azure Sentinel instance and configure the Azure Active Directory connector.

    You need to ensure that Azure Sentinel can generate incidents based on the risk alerts raised by Azure AD Identity Protection.

    What should you do first?

    A. Add an Azure Sentinel data connector.

    B. Configure the Notify settings in Azure AD Identity Protection.

    C. Create an Azure Sentinel playbook.

    D. Modify the Diagnostics settings in Azure AD.

  • Question 133:

    You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory domain.

    The on-premises network contains a VPN server that authenticates to the on-premises Active Directory domain.

    The VPN server does NOT support Azure Multi-Factor Authentication (MFA).

    You need to recommend a solution to provide Azure MFA for VPN connections.

    What should you include in the recommendation?

    A. Azure AD Application Proxy

    B. an Azure AD Password Protection proxy

    C. Network Policy Server (NPS)

    D. a pass-through authentication proxy

  • Question 134:

    You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.

    Which objects can you add as eligible in Azure AD Privileged Identity Management (PIM) for an Azure AD role?

    A. User1, Guest1, and Identity1

    B. User1 and Guest1 only

    C. User1 only

    D. User1 and Identity1 only

  • Question 135:

    You have an Azure Active Directory (Azure AD) tenant named contoso.com.

    You plan to bulk invite Azure AD business-to-business (B2B) collaboration users.

    Which two parameters must you include when you create the bulk invite? Each correct answer presents part of the solution

    NOTE: Each correct selection is worth one point.

    A. email address

    B. redirection URL

    C. username

    D. shared key

    E. password

  • Question 136:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

    others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have a Microsoft 365 tenant.

    All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services. Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a

    sign-in request.

    You need to block the users automatically when they report an MFA request that they did not initiate. Solution: From the Azure portal, you configure the Notifications settings for multi-factor authentication (MFA). Does this meet the goal?

    A. Yes

    B. No

  • Question 137:

    You have a Microsoft 365 tenant.

    The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.

    Users connect to the internet by using a hardware firewall at your company. The users authenticate to the firewall by using their Active Directory credentials.

    You plan to manage access to external applications by using Azure AD.

    You need to use the firewall logs to create a list of unmanaged external applications and the users who access them.

    What should you use to gather the information?

    A. Application Insights in Azure Monitor

    B. access reviews in Azure AD

    C. Cloud App Discovery in Microsoft Cloud App Security

    D. enterprise applications in Azure AD

  • Question 138:

    You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.

    From the Groups blade in the Azure Active Directory admin center, you assign Microsoft 365 Enterprise E5 licenses to the users.

    You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.

    What should you use?

    A. the Identity Governance blade in the Azure Active Directory admin center

    B. the Set-AzureAdUser cmdlet

    C. the Licenses blade in the Azure Active Directory admin center

    D. the Set-WindowsProductKey cmdlet

  • Question 139:

    You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.

    Yon receive more than 100 email alerts each day for tailed Azure Al) user sign-in attempts.

    You need to ensure that a new security administrator receives the alerts instead of you. Solution: From Azure AD, you create an assignment for the Insights at administrator role. Does this meet the goal?

    A. Yes

    B. No

  • Question 140:

    You have a Microsoft 365 tenant.

    You need to ensure that you tan view Azure Active Directory (Azure AD) audit log information by using Azure Monitor.

    What should you do first?

    A. Run the Get-AzureADAuditDirectoryLogs cmdlet.

    B. Create an Azure AD workbook.

    C. Run the Set-AzureADTenantDetail cmdlet.

    D. Modify the Diagnostics settings for Azure AD.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-300 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.