Microsoft Identity and Access Administrator (SC-300) Free Practice Test
Question 1
You have an on-premises app named Appl. You have a Microsoft Entra tenant You plan to publish App1 by using Microsoft Entra Private Access. You need to enable the Private acces s profile. Which blade should you use in the Microsoft Entra admin center?
Correct Answer: C
Question 2
You have a Microsoft 365 E5 subscription that c ontains a Microsoft SharePoint Online site named Site1. You need to be notified if a user downloads more than 50 files in one minute from Site1.
Which type of policy should you create in the Microsoft Defender for Cloud Apps portal?
Which type of policy should you create in the Microsoft Defender for Cloud Apps portal?
Correct Answer: D
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 3
You need to implement on-premises application and SharePoint Online restrictions to meet the authentication requirements and the access requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE:Each correct selection is worth one point.
What should you do? To answer, select the appropriate options in the answer area.
NOTE:Each correct selection is worth one point.
Correct Answer:
Explanation:
SC-300 materials stress that to enforce modern controls (like MFA) on on-premises apps, you must front them with Azure AD so Conditional Access can evaluate sign-ins. The documentation states that Azure AD Application Proxy " provides secure remote access to on-premises applications " and that apps published through it can have " Conditional Access policies, including multifactor authentication " applied at sign- in. In other words, once the legacy app is published by Application Proxy, Azure AD sits in the path, enabling you to meet the requirement to enforce MFA when accessing on-premises applications and to combine it with your location-based exemptions.
For SharePoint Online restrictions, SC-300 points to Microsoft Cloud App Security (Defender for Cloud Apps) for real-time governance: you can create session policies that " control and limit activities in real time " and, for SharePoint Online and other Microsoft 365 apps, " monitor user sessions and block download, cut, copy, and print " when conditions (device state, risk, or location) warrant it. Since the scenario already has anomaly detections enabled, configuring Cloud App Security policies aligns directly with the requirement to place access restrictions on SharePoint Online without altering tenant-wide consent settings. Thus, publish on-prem apps with Application Proxy to bring them under Conditional Access (for MFA), and use Cloud App Security policies to enforce SharePoint Online session and download controls.
Question 4
You have an Azure Active Directory (Azure AD) tenant that contains the users show n in the following table.
User1 is the owner of Group1.
You create an access review that has the following settings:
Users to review: Members of a group
Scope: Everyone
Group: Group1
Reviewers: Members (self)
Which users can perform access reviews for User3?
User1 is the owner of Group1.
You create an access review that has the following settings:
Users to review: Members of a group
Scope: Everyone
Group: Group1
Reviewers: Members (self)
Which users can perform access reviews for User3?
Correct Answer: D
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 5
You have a Microsoft 365 tenant.
In M icrosoft Entra ID, you configure the terms of use.
You need to ensure that only users who accept the terms of use can access the resources in the tenant Other users must be denied access.
What should you configure?
In M icrosoft Entra ID, you configure the terms of use.
You need to ensure that only users who accept the terms of use can access the resources in the tenant Other users must be denied access.
What should you configure?
Correct Answer: C
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 6
You have an Azure subscription named Sub1 that uses Microsoft Entra Permissions Management. Sub1 contains a user named User1. User1 is granted multiple permissions across Sub1.
You need to replace all the permissions granted to User1 with read-only permissions. The solution must minimize administrative effort.
What should you do on the Remediation tab in Permissions Management?
You need to replace all the permissions granted to User1 with read-only permissions. The solution must minimize administrative effort.
What should you do on the Remediation tab in Permissions Management?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 7
You have an Azure AD tenant that contains the users shown in the following table.
User2 reports that he can only configure multi-factor authenticating (MFA) to use the Microsoft Authenticator app.
You need to ensure that User2 can configure alternate MFA methods.
Which configuration is required, and which user should perform the configuration? To answer, select the appropriate options in the answer area.
User2 reports that he can only configure multi-factor authenticating (MFA) to use the Microsoft Authenticator app.
You need to ensure that User2 can configure alternate MFA methods.
Which configuration is required, and which user should perform the configuration? To answer, select the appropriate options in the answer area.
Correct Answer:
Explanation:
In Microsoft Entra ID (Azure AD), Security Defaults is a built-in baseline security configuration that enforces basic identity protection, such as requiring all users to register for multi-factor authentication (MFA) using the Microsoft Authenticator app. When security defaults are enabled, users cannot select alternate MFA methods (like SMS or phone call).
According to the Microsoft SC-300 Official St udy Guide and Azure AD Identity Protection documentation , only administrators with elevated security roles-specifically the Security Administrator, Global Administrator, or Conditional Access Administrator-can enable or disable security defaults.
Here's the detailed reasoning:
* User1 (Security Administrator): This role can manage identity security settings, including modifying MFA configurations and security defaults.
* User2 (Privileged Authentication Administrator): This role can reset MFA details for other users but cannot modify tenant-wide MFA or security default settings.
* User3 (Service Support Administrator): This role is limited to viewing service health and support tickets and has no permissions to modify security configurations.
Since User2 is restricted by security defaults (which enforce Microsoft Authenticator only), the only way to allow alternative MFA methods is to disable or customize security defaults. That configuration must be done by User1 (Security Administrator).
Microsoft Documentation: " To enable or disable security defaults, you must be a Global Administrator, Security Administrator, or Conditional Access Administrator."
Question 8
You have 2,500 users who are assigned Microsoft 365 E3 licenses. The licenses are assigned to individual users. From the Groups blade in the Microsoft Entra admin center, you assign Microsoft 365 E5 licenses to a group that includes all users. You need to remove the Microsoft 365 E3 licenses from the users by using the least amount of administrative effort What should you use?
Correct Answer: B
Question 9
You have an Azure subscription that contains an Azure Automation account named Automation1.
You need to grant Automation1 access to Azure resources. The solution must meet the following requirements:
* Ensure that any permissions granted to Automation1 are removed when the account is deleted.
* Minimize administrative effort.
What should you use?
You need to grant Automation1 access to Azure resources. The solution must meet the following requirements:
* Ensure that any permissions granted to Automation1 are removed when the account is deleted.
* Minimize administrative effort.
What should you use?
Correct Answer: D