Free Microsoft Identity and Access Administrator Exam SC-300 Exam Practice Test

You have a Microsoft 365 ES subscription that user Microsoft Defender for Cloud Apps and Yammer.You need prevent users from signing in to Yammer from high-risk locations.What should you do in the Microsoft Defender for Cloud Apps portal?

• Create an access Policy.
• Create an activity policy.
• Unsanction Yammer.
• Create an anomaly detection policy.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.Solution: You configure password writeback.Does this meet the goal?

• Yes
• No

You need to modify the settings of the User administrator role to meet the technical requirements. Which two actions should you perform for the role? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• Select Require justification on activation
• Set all assignments to Active
• Set all assignments to Eligible
• Modify the Expire eligible assignments after setting.
• Select Require ticket information on activation.

You have a Microsoft 365 tenant.The Sign-ins activity report shows that an external contractor signed in to the Exchange admin center.You need to review access to the Exchange admin center at the end of each month and block sign-ins ifrequired.What should you create?

• an access package that targets users outside your directory
• an access package that targets users in your directory
• a group-based access review that targets guest users
• an application-based access review that targets guest users

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it as a result these questions will not appear in the review screen.You have a Microsoft 365 E5 subscription.You create a user named User1.You need to ensure that User1 can update the status of identity Secure Score improvement actions.Solution: You assign the User Administrator role to User1.Does this meet the goal?

• Yes
• No

You create a conditional access policy that blocks access when a user triggers a high-seventy sign-in alert. You need to test the policy under the following conditions;* A user signs in from another country.* A user triggers a sign-in risk.What should you use to complete the test?

• the Conditional Access What If tool
• sign-ins logs in Azure AD
• access reviews in Azure AD
• the activity logs in Microsoft Defender for Cloud Apps

You have a Microsoft 365 E5 subscription.You need to be able to create a Microsoft Defender for Cloud Apps session policy.What should you do first?

• From the Microsoft Defender portal, select User monitoring.
• From the Microsoft Entra admin center, create a Conditional Access policy.
• From the Microsoft Defender portal, select App onboarding/maintenance
• From the Microsoft Defender portal, create a continuous report.

You have an Azure subscription that contains an Azure Automation account named Automation1 and an Azure key vault named Vault1. Vault1 contains a secret named Secret 1.You enable a system-assigned managed identity for Automation1.You need to ensure that Automation! can read the contents of Secret1. The solution must meet the following requirements:* Prevent Automation1 from accessing other secrets stored in Vault1.* Follow the principle of least privilege.What should you do?

• From Vault1, configure the Access control (1AM) settings.
• From Automation1, configure the Identity settings.
• From Secret1, configure the Access control (1AM) settings
• From Automation1, configure the Run as accounts settings.

You have an Azure subscription that contains a storage account named storage1 and a web app named WebApp1. WebApp1 uses a system-assigned managed identity.You need to ensure that WebApp1 can read and write files to storage1 by using the system-assigned managed identity.What should you configure for storage1 in the Azure portal?

• the File share settings
• the Access control (1AM) settings
• a shared access signature (SAS)
• data protection
• access keys

You have an Azure AD tenant that has multi-factor authentication (MFA) enforced and self-service password reset (SSPR) enabled.You enable combined registration in interrupt mode.You create a new user named User1.Which two authentication methods can User1 use to complete the combined registration process? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.

• a FID02 security key
• a hardware token
• a one-time passcode email
• Windows Hello for Business
• the Microsoft Authenticator app