Practice SC-300 Exam Online

Question 1

Case Study -

Overview -

ADatum Corporation is a consulting company in Montreal.

ADatum recently acquired a Vancouver-based company named Litware, Inc.

Existing Environment. ADatum Environment

The on-premises network of ADatum contains an Active Directory Domain Services (AD DS) forest named adatum.com.

ADatum has a Microsoft 365 E5 subscription. The subscription contains a verified domain that syncs with the adatum.com AD DS domain by using Azure AD Connect.

ADatum has an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant has Security defaults disabled.

The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

Existing Environment. Litware Environment

Litware has an AD DS forest named litware.com

Existing Environment. Problem Statements

ADatum identifies the following issues:

• Multiple users in the sales department have up to five devices. The sales department users report that sometimes they must contact the support department to join their devices to the Azure AD tenant because they have reached their device limit.

• A recent security incident reveals that several users leaked their credentials, a suspicious browser was used for a sign-in, and resources were accessed from an anonymous IP address.

• When you attempt to assign the Device Administrators role to IT_Group1, the group does NOT appear in the selection list.

• Anyone in the organization can invite guest users, including other guests and non-administrators.

• The helpdesk spends too much time resetting user passwords.

• Users currently use only passwords for authentication.

Requirements. Planned Changes -

ADatum plans to implement the following changes:

• Configure self-service password reset (SSPR).

• Configure multi-factor authentication (MFA) for all users.

• Configure an access review for an access package named Package1.

• Require admin approval for application access to organizational data.

• Sync the AD DS users and groups of litware.com with the Azure AD tenant.

• Ensure that only users that are assigned specific admin roles can invite guest users.

• Increase the maximum number of devices that can be joined or registered to Azure AD to 10.

Requirements. Technical Requirements

ADatum identifies the following technical requirements:

• Users assigned the User administrator role must be able to request permission to use the role when needed for up to one year.

• Users must be prompted to register for MFA and provided with an option to bypass the registration for a grace period.

• Users must provide one authentication method to reset their password by using SSPR. Available methods must include:

- Email

- Phone

- Security questions

- The Microsoft Authenticator app

• Trust relationships must NOT be established between the adatum.com and litware.com AD DS domains.

• The principle of least privilege must be used.

You need to implement the planned changes for Package1.

Which users can create and manage the access review?

A : User3 only

B : User4 only

C : User5 only

D : User3 and User4

E : User3 and User5

F : User4 and User5

Answer: E

Question 2

You have an Azure Active Directory (Azure AD) Azure AD tenant.

You need to bulk create 25 new user accounts by uploading a template file.

Which properties are required in the template file?

A : displayName, identityIssuer, usageLocation, and userType

B : accountEnabled, givenName, surname, and userPrincipalName

C : accountEnabled, displayName, userPrincipalName, and passwordProfile

D : accountEnabled, passwordProfile, usageLocation, and userPrincipalName

Answer: C

Question 3

You have an Azure AD tenant.

You configure User consent settings to allow users to provide consent to apps from verified publishers.

You need to ensure that the users can only provide consent to apps that require low impact permissions.

What should you do?

A : Create an enterprise application collection.

B : Create an access review.

C : Create an access package.

D : Configure permission classifications.

Answer: A

Question 4

You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.

From the Groups blade in the Azure Active Directory admin center, you assign Microsoft Office 365 Enterprise E5 licenses to a group that includes all users.

You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.

What should you use?

A : the Administrative units blade in the Azure Active Directory admin center

B : the Set-MsolUserLicense cmdlet

C : the Groups blade in the Azure Active Directory admin center

D : the Set-WindowsProductKey cmdlet

Answer: A

Question 5

You have a Microsoft 365 E5 subscription that contains three users named User1, User2, and User3 and a Microsoft SharePoint Online site named Site1.

The subscription contains the devices shown in the following table.

The users sign in to the devices as shown in the following table.

You have a Conditional Access policy that has the following settings:

• Name: CA1

• Assignments

o Users and groups: User1, User2, User3

o Cloud apps or actions: SharePoint - Site1

• Access controls

o Session: Use app enforced restrictions

From the SharePoint admin center, you configure Access control for unmanaged devices to allow limited, web-only access.

Which users will have full access to Site1?

A : User1 only

B : User2 only

C : User3only

D : User1 and User2 only

E : User1, User2, and User3

Answer: B

Name:	Microsoft Identity and Access Administrator
Exam Code:	SC-300
Certification:	Identity and Access Administrator Associate
Vendor:	Microsoft
Total Questions:	314
Last Updated:	Apr 25, 2024

Microsoft SC-300