Certification Provider: Microsoft
Exam Name: Microsoft Identity and Access Administrator
Exam Code: SC-300
Official Exam Time: 120 mins
Number of questions in the Official Exam: 40-60 Q&As
Latest update time in our database: May 25,2023
SC-300 Official Exam Topics:
  • Topic1 : Configure tenant-wide settings
  • Topic2 : Create, configure, and manage groups / Implement and manage external identities
  • Topic3 : Manage external collaboration settings in Azure AD / Manage external user accounts in Azure AD
  • Topic4 : Implement and manage hybrid identity / Troubleshoot synchronization errors
  • Topic5 : Configure Azure AD user authentication for Windows and Linux virtual machines on Azure / Plan, implement, and manage Azure AD conditional access
  • Topic6 : Test and troubleshoot conditional access policies / Use managed identities to access Azure resources
  • Topic7 : Analyze Azure role permissions / Implement access management for applications (15-20%)
  • Topic8 : Manage and monitor application access by using Microsoft Defender for Cloud Apps / Design and implement app management roles
  • Topic9 : Monitor and audit activity in enterprise applications / Implement application registrations
  • Topic10 : Manage and monitor applications by using App governance / Review per-user entitlements by using Azure AD Entitlement management
  • Topic11 : Create and configure access review programs / Respond to access review activity, including automated and manual responses
  • Topic12 : Plan and implement privileged access / Plan and manage Azure resources in PIM, including settings and assignments
  • Topic13 : Manage PIM requests and approval process /

What should you configure for the Security administrator role assignment?

Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM).

While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights.

You need to ensure that the IT department users only have access to the Security administrator role when


What should you configure for the Security administrator role assignment?
A . Expire eligible assignments after from the Role settings details
B . Expire active assignments after from the Role settings details
C . Assignment type to Active
D . Assignment type to Eligible

Answer: D


Reference: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

What should you do?


You need to configure app registration in Azure AD to meet the delegation requirements.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.



Graphical user interface, text

Description automatically generated

Does this meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant.

You have 100 IT administrators who are organized into 10 departments.

You create the access review shown in the exhibit. (Click the Exhibit tab.)

You discover that all access review requests are received by Megan Bowen.

You need to ensure that the manager of each department receives the access reviews of their respective department.

Solution: You modify the properties of the IT administrator user accounts.

Does this meet the goal?
A . Yes
B . No

Answer: A


Reference: https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

For which groups can you create an access review?

You have an Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.

For which groups can you create an access review?
A . Group1 only
B . Group1 and Group4 only
C . Group1 and Group2 only
D . Group1, Group2, Group4, and Group5 only
E . Group1, Group2, Group3, Group4 and Group5

Answer: D


You cannot create access reviews for device groups.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

What should you do first?

You have an Azure Active Directory Premium P2 tenant.

You create a Log Analytics workspace.

You need to ensure that you can view Azure Active Directory (Azure AD) audit log information by using Azure Monitor.

What should you do first?
A . Run the Set-AzureADTenantDetail cmdlet.
B . Create an Azure AD workbook.
C . Modify the Diagnostics settings for Azure A
E . Run the Get-AzureADAuditDirectoryLogs cmdlet.

Answer: C


Reference: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics

Which MFA authentication method can the users use from the remote location?

You have a Microsoft 365 tenant.

All users have mobile phones and laptops.

The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity. While working from the remote locations, the users connect their laptop to a wired network that has internet access.

You plan to implement multi-factor authentication (MFA).

Which MFA authentication method can the users use from the remote location?
A . a notification through the Microsoft Authenticator app
B . an app password
C . Windows Hello for Business

Answer: C


In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN.

After an initial two-step verification of the user during enrollment, Windows Hello is set up on the user’s device and Windows asks the user to set a gesture, which can be a biometric, such as a fingerprint, or a PIN. The user provides the gesture to verify their identity. Windows then uses Windows Hello to authenticate users.




Does this meet the goal?

Topic 3, Misc. Questions

You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.

Yon receive more than 100 email alerts each day for tailed Azure Al) user sign-in attempts.

You need to ensure that a new security administrator receives the alerts instead of you.

Solution: From Azure monitor, you modify the action group.

Does this meet the goal?
A . Yes
B . No

Answer: B