1. Home
  2. Microsoft
  3. SC-300

Microsoft Identity and Access Administrator

Exam Details

  • Exam Code
    :SC-300
  • Exam Name
    :Microsoft Identity and Access Administrator
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :305 Q&As
  • Last Updated
    :Mar 29, 2025

Microsoft Microsoft Certifications SC-300 Questions & Answers

  • Question 161:

    Your company requires that users request access before they can access corporate applications.

    You register a new enterprise application named MyApp in Azure Active Dilatory (Azure AD) and configure single sign-on (SSO) for MyApp.

    Which settings should you configure next for MyApp?

    A. Self-service

    B. Provisioning

    C. Roles and administrators

    D. Application proxy

  • Question 162:

    You have an Azure Active Directory (Azure AD) tenant.

    For the tenant. Users can register applications Is set to No.

    A user named Admin1 must deploy a new cloud app named App1.

    You need to ensure that Admin1 can register App1 in Azure AD. The solution must use the principle of least privilege.

    Which role should you assign to Admin1?

    A. Application developer in Azure AD

    B. App Configuration Data Owner for Subscription1

    C. Managed Application Contributor for Subscription1

    D. Cloud application administrator in Azure AD

  • Question 163:

    You have an Azure Active Directory (Azure AD) tenant.

    You need to review the Azure AD sign-ins log to investigate sign ins that occurred in the past.

    For how long does Azure AD store events in the sign-in log?

    A. 14 days

    B. 30 days

    C. 90 days

    D. 365 days

  • Question 164:

    You have a Microsoft 365 tenant.

    The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain. The domain contains the servers shown in the following table.

    The domain controllers are prevented from communicating to the internet.

    You implement Azure AD Password Protection on Server1 and Server2.

    You deploy a new server named Server4 that runs Windows Server 2019.

    You need to ensure that Azure AD Password Protection will continue to work if a single server fails.

    What should you implement on Server4?

    A. Azure AD Connect

    B. Azure AD Application Proxy

    C. Password Change Notification Service (PCNS)

    D. the Azure AD Password Protection proxy service

  • Question 165:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

    others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have a Microsoft 365 tenant.

    You have 100 IT administrators who are organized into 10 departments.

    You create the access review shown in the exhibit. (Click the Exhibit tab.)

    You discover that all access review requests are received by Megan Bowen.

    You need to ensure that the manager of each department receives the access reviews of their respective department.

    Solution: You modify the properties of the IT administrator user accounts.

    Does this meet the goal?

    A. Yes

    B. No

  • Question 166:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

    others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have a Microsoft 365 tenant.

    You have 100 IT administrators who are organized into 10 departments.

    You create the access review shown in the exhibit. (Click the Exhibit tab.)

    You discover that all access review requests are received by Megan Bowen.

    You need to ensure that the manager of each department receives the access reviews of their respective department. Solution: You create a separate access review for each role.

    Does this meet the goal?

    A. Yes

    B. No

  • Question 167:

    Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

    others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.

    You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.

    You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.

    Solution: You configure conditional access policies.

    Does this meet the goal?

    A. Yes

    B. No

  • Question 168:

    You have an Azure Active Directory (Azure Azure) tenant that contains the objects shown in the following table.

    1.

    A device named Device1

    2.

    Users named User1, User2, User3, User4, and User5

    3.

    Five groups named Group1, Group2, Group3, Ciroup4, and Group5 The groups are configured as shown in the following table.

    How many licenses are used if you assign the Microsoft Office 365 Enterprise E5 license to Group1?

    A. 0

    B. 2

    C. 3

    D. 4

  • Question 169:

    You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.

    Which objects can you add as eligible in Azure Privileged identity Management (PIM) for an Azure AD role?

    A. User1 only

    B. User1 and Identity1 only

    C. User1. Guest1, and Identity

    D. User1 and Guest1 only

  • Question 170:

    You have a Microsoft 365 tenant.

    The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.

    You plan to create an emergency-access administrative account named Emergency1.

    Emergency1 will be assigned the Global administrator role in Azure AD. Emergency1 will be used in the event of Azure AD functionality failures and on-premises infrastructure failures.

    You need to reduce the likelihood that Emergency1 will be prevented from signing in during an emergency.

    What should you do?

    A. Configure Azure Monitor to generate an alert if Emergency1 is modified or signs in.

    B. Require Azure AD Privileged Identity Management (PIM) activation of the Global administrator role for Emergency1.

    C. Configure a conditional access policy to restrict sign-in locations for Emergency1 to only the corporate network.

    D. Configure a conditional access policy to require multi-factor authentication (MFA) for Emergency1.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-300 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.