01. Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM). While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights.
You need to ensure that the IT department users only have access to the Security administrator role when required. What should you configure for the Security administrator role assignment?
a) Expire eligible assignments after from the Role settings details
b) Expire active assignments after from the Role settings details
c) Assignment type to Active
d) Assignment type to Eligible
You have an Azure Active Directory (Azure AD) tenant named contoso.com. All users who run applications registered in Azure AD are subject to conditional access policies.
You need to prevent the users from using legacy authentication. What should you include in the conditional access policies to filter out legacy authentication attempts?
a) a cloud apps or actions condition
b) a user risk condition
c) a client apps condition
d) a sign-in risk condition
03. You have an Azure Active Directory (Azure AD) tenant. You need to review the Azure AD sign-ins log to investigate sign ins that occurred in the past.
For how long does Azure AD store events in the sign-in log?
a) 30 days
b) 14 days
c) 90 days
d) 365 days
You configure a new Microsoft 365 tenant to use a default domain name of contoso.com. You need to ensure that you can control access to Microsoft 365 resources by using conditional access policies.
What should you do first?
a) Disable the User consent settings
b) Disable Security defaults
c) Configure a multi-factor authentication (MFA) registration policy
d) Configure password protection for Windows Server Active Directory
05. Reference Scenario: click here
You have an Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The on-premises network contains a VPN server that authenticates to the on-premises Active Directory domain.
The VPN server does NOT support Azure Multi-Factor Authentication (MFA). You need to recommend a solution to provide Azure MFA for VPN connections.
What should you include in the recommendation?
a) Azure AD Application Proxy
b) an Azure AD Password Protection proxy
c) Network Policy Server (NPS)
d) a pass-through authentication proxy
06. You have an Azure Active Directory (Azure AD) tenant named contoso.com. You implement entitlement management to provide resource access to users at a company named Fabrikam, Inc. Fabrikam uses a domain named fabrikam.com.
Fabrikam users must be removed automatically from the tenant when access is no longer required. You need to configure the following settings:
- Block external user from signing in to this directory: No
- Remove external user: Yes
- Number of days before removing external user from this directory: 90
What should you configure on the Identity Governance blade?
a) Access packages
b) Settings
c) Terms of use
d) Access reviews
07. You have an Azure Active Directory Premium P2 tenant. You create a Log Analytics workspace. You need to ensure that you can view Azure Active Directory (Azure AD) audit log information by using Azure Monitor.
What should you do first?
a) Modify the Diagnostics settings for Azure A
b) Run the Get-AzureADAuditDirectoryLogs cmdlet
c) Run the Set-AzureADTenantDetail cmdlet
d) Create an Azure AD workbook
08. You have an Azure Active Directory (Azure AD) tenant. You configure self-service password reset (SSPR) by using the following settings:
- Require users to register when signing in: Yes
- Number of methods required to reset: 1
What is a valid authentication method available to users?
a) a mobile app code
b) mobile app notification
c) an email to an address in your organization
d) home prison
09. Reference Scenario: click here
You have a Microsoft 365 tenant. In Azure Active Directory (Azure AD), you configure the terms of use. You need to ensure that only users who accept the terms of use can access the resources in the tenant. Other users must be denied access.
What should you configure?
a) an access policy in Microsoft Cloud App Security
b) Terms and conditions in Microsoft Endpoint Manager
c) a conditional access policy in Azure AD
d) a compliance policy in Microsoft Endpoint Manager
You have an Azure Active Directory (Azure AD) tenant. You open the risk detections report. Which risk detection type is classified as a user risk?
a) impossible travel
b) anonymous IP address
c) atypical travel
d) leaked credentials
The purpose of this Sample Question Set is to provide you with information about the Microsoft Identity and Access Administrator exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the SC-300 certification test. To get familiar with real exam environment, we suggest you try our Sample Microsoft Identity and Access Administrator Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual Microsoft Certified - Identity and Access Administrator Associate certification exam.