Certification Provider: Microsoft
Exam Name: Microsoft Identity and Access Administrator
Exam Code: SC-300
Official Exam Time: 120 mins
Number of questions in the Official Exam: 40-60 Q&As
Latest update time in our database: May 25, 2023
SC-300 Official Exam Topics:
  • Topic1 : Configure tenant-wide settings
  • Topic2 : Create, configure, and manage groups / Implement and manage external identities
  • Topic3 : Manage external collaboration settings in Azure AD / Manage external user accounts in Azure AD
  • Topic4 : Implement and manage hybrid identity / Troubleshoot synchronization errors
  • Topic5 : Configure Azure AD user authentication for Windows and Linux virtual machines on Azure / Plan, implement, and manage Azure AD conditional access
  • Topic6 : Test and troubleshoot conditional access policies / Use managed identities to access Azure resources
  • Topic7 : Analyze Azure role permissions / Implement access management for applications (15-20%)
  • Topic8 : Manage and monitor application access by using Microsoft Defender for Cloud Apps / Design and implement app management roles
  • Topic9 : Monitor and audit activity in enterprise applications / Implement application registrations
  • Topic10 : Manage and monitor applications by using App governance / Review per-user entitlements by using Azure AD Entitlement management
  • Topic11 : Create and configure access review programs / Respond to access review activity, including automated and manual responses
  • Topic12 : Plan and implement privileged access / Plan and manage Azure resources in PIM, including settings and assignments
  • Topic13 : Manage PIM requests and approval process /

What should you configure for the Security administrator role assignment?

Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM).

While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights.

You need to ensure that the IT department users only have access to the Security administrator role when required.

What should you configure for the Security administrator role assignment?
A . Expire eligible assignments after from the Role settings details
B . Expire active assignments after from the Role settings details
C . Assignment type to Active
D . Assignment type to Eligible

Answer: D

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

What should you do?

HOTSPOT

You need to configure app registration in Azure AD to meet the delegation requirements.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:


Does this meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant.

You have 100 IT administrators who are organized into 10 departments.

You create the access review shown in the exhibit. (Click the Exhibit tab.)

You discover that all access review requests are received by Megan Bowen.

You need to ensure that the manager of each department receives the access reviews of their respective department.

Solution: You modify the properties of the IT administrator user accounts.

Does this meet the goal?
A . Yes
B . No

Answer: A

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

For which groups can you create an access review?

You have an Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.

For which groups can you create an access review?
A . Group1 only
B . Group1 and Group4 only
C . Group1 and Group2 only
D . Group1, Group2, Group4, and Group5 only
E . Group1, Group2, Group3, Group4 and Group5

Answer: D

Explanation:

You cannot create access reviews for device groups.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

What should you do first?

You have an Azure Active Directory Premium P2 tenant.

You create a Log Analytics workspace.

You need to ensure that you can view Azure Active Directory (Azure AD) audit log information by using Azure Monitor.

What should you do first?
A . Run the Set-AzureADTenantDetail cmdlet.
B . Create an Azure AD workbook.
C . Modify the Diagnostics settings for Azure AD.
D . Run the Get-AzureADAuditDirectoryLogs cmdlet.

Answer: C

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics

Which MFA authentication method can the users use from the remote location?

You have a Microsoft 365 tenant.

All users have mobile phones and laptops.

The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity. While working from the remote locations, the users connect their laptop to a wired network that has internet access.

You plan to implement multi-factor authentication (MFA).

Which MFA authentication method can the users use from the remote location?
A . a notification through the Microsoft Authenticator app
B . an app password
C . Windows Hello for Business
D . SMS

Answer: C

Explanation:

In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN.

After an initial two-step verification of the user during enrollment, Windows Hello is set up on the user’s device and Windows asks the user to set a gesture, which can be a biometric, such as a fingerprint, or a PIN. The user provides the gesture to verify their identity. Windows then uses Windows Hello to authenticate users.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overview

Does this meet the goal?

Topic 3, Misc. Questions

You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.

You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts.

You need to ensure that a new security administrator receives the alerts instead of you.

Solution: From Azure Monitor, you modify the action group.

Does this meet the goal?
A . Yes
B . No

Answer: B