leads4pass SC-300 dumps are verified and audited by a Microsoft professional team, and they really meet the requirements of the SC-300 certification exam, covering more than 95% of the exam questions in the exam room!
And, offer the most popular study methods: SC-300 dumps PDF, and SC-300 dumps VCE, both study formats contain the latest certification exam questions and answers!
Therefore, the best exam solution is to use SC-300 dumps with PDF and VCE formats: https://www.leads4pass.com/sc-300.html (146 Q&A), to help you practice easily and achieve exam success.
What’s more! Part of the leads4pass SC-300 dumps exam questions online for free download: https://drive.google.com/file/d/18ri8YZ_2oVhWWkDAPTzEUM6fke8FdSUg/
You can also practice some of the leads4pass SC-300 dumps exam questions online
From | Number of exam questions | Exam name | Exam code |
Free | 15 | Microsoft Identity and Access Administrator | SC-300 |
Question 1:
You need to meet the planned changes and technical requirements for App1. What should you implement?
A. a policy set in Microsoft Endpoint Manager
B. an app configuration policy in Microsoft Endpoint Manager
C. an app registration in Azure AD
D. Azure AD Application Proxy
Correct Answer: C
Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
Question 2:
You create a Log Analytics workspace.
You need to implement the technical requirements for auditing.
What should you configure in Azure AD?
A. Company branding
B. Diagnostics settings
C. External Identities
D. App registrations
Correct Answer: B
Reference: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/overview-monitoring
Question 3:
You need to sync the ADatum users. The solution must meet the technical requirements. What should you do?
A. From the Microsoft Azure Active Directory Connect wizard, select Customize synchronization options.
B. From PowerShell, run Set-ADSyncScheduler.
C. From PowerShell, run Start-ADSyncSyncCycle.
D. From the Microsoft Azure Active Directory Connect wizard, select Change user sign-in.
Correct Answer: A
You need to select Customize synchronization options to configure Azure AD Connect to sync the Adatum organizational unit (OU).
Question 4:
You need to meet the planned changes for the User administrator role. What should you do?
A. Create an access review.
B. Create an administrative unit.
C. Modify Active assignments.
D. Modify Role settings.
Correct Answer: D
Role Setting details are where you need to be: Role setting details – User Administrator Privileged Identity Management | Azure AD roles Default Setting State Require justification on activation Yes Require ticket information on activation No On activation, require Azure MFA Yes Require approval to activate No Approvers None
Question 5:
You need to locate licenses to the A. Datum users. The solution must need the technical requirements. Which type of object should you create?
A. A Dynamo User security group
B. An OU
C. A distribution group
D. An administrative unit
Correct Answer: A
Question 6:
Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant-
Users sign in to computers that run Windows 10 and are joined to the domain.
You plan to implement Azure AD Seamless Single Sign-On (Azure AD Seamless SSO).
You need to configure the computers for Azure AD Seamless SSO.
What should you do?
A. Enable Enterprise State Roaming.
B. Configure Sign-in options.
C. Install the Azure AD Connect Authentication Agent.
D. Modify the Intranet Zone settings.
Correct Answer: D
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
Question 7:
You have an Azure Active Directory (Azure AD) tenant that contains a user named SecAdmin1. SecAdmin1 is assigned the Security administrator role.
SecAdmin1 reports that she cannot reset passwords from the Azure AD Identity Protection portal.
You need to ensure that SecAdmin1 can manage passwords and invalidate sessions on behalf of nonadministrative users. The solution must use the principle of least privilege.
Which role should you assign to SecAdmin1?
A. Authentication administrator
B. Helpdesk administrator
C. Privileged authentication administrator
D. Security operator
Correct Answer: C
Reference: https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
Question 8:
You have a Microsoft 365 tenant.
You currently allow email clients that use Basic authentication to conned to Microsoft Exchange Online.
You need to ensure that users can connect t to Exchange-only run email clients that use Modern authentication protocols.
What should you implement?
You need to ensure that use Modern Authentication
A. a compliance policy in Microsoft Endpoint Manager
B. a conditional access policy in Azure Active Directory (Azure AD)
C. an application control profile in Microsoft Endpoint Manager
D. an OAuth policy in Microsoft Cloud App Security
Correct Answer: B
Question 9:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure Azure AD Password Protection.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Question 10:
You have an Azure Active Directory (Azure AD) tenant.
You need to review the Azure AD sign-in logs to investigate sign-ins that occurred in the past.
For how long does Azure AD store events in the sign-in logs?
A. 14 days
B. 30 days
C. 90 days
D. 365 days
Correct Answer: B
Question 11:
You have an Azure Active Directory (Azure AD) tenant that contains the following objects:
1.
A device named Device1
2.
Users named User1, User2, User3, User4, and User5 Groups named Group1, Group2, Group3, Group4, and Group5 The groups are configured as shown in the following table.
To which groups can you assign a Microsoft Office 365 Enterprise E5 license directly?
A. Group1 and Group4 only
B. Group1, Group2, Group3, Group4, and Group5
C. Group1 and Group2 only
D. Group1 only
E. Group1, Group2, Group4, and Group5 only
Correct Answer: C
Reference: https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-group-advanced
Question 12:
You create the Azure Active Directory (Azure AD) users shown in the following table.
On February 1, 2021, you configure the multi-factor authentication (MFA) settings as shown in the following exhibit.
The user’s authentication to Azure AD on their devices is shown in the following table.
On February 26, 2021, what will the multi-factor auth status be for each user?
A. Option A
B. Option B
C. Option C
D. Option D
Correct Answer: B
Question 13:
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
You receive more than 100 email alerts each day for tailed Azure Al) user sign-in attempts.
You need to ensure that a new security administrator receives the alerts instead of you.
Solution: From Azure monitor, you create a data collection rule.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Question 14:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure pass-through authentication.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
Question 15:
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to ensure that Azure AD External Identities pricing is based on monthly active users (MAU).
What should you configure?
A. an access review
B. the terms or use
C. a linked subscription
D. a user flow
Correct Answer: C
leads4pass SC-300 dumps share two study materials for free: you can download them online and practice exams online!
Now! Download the SC-300 best practice solution! Use leads4pass SC-300 dumps with PDF and VCE: https://www.leads4pass.com/sc-300.html Contains 146 latest exam questions and answers to help you pass the exam 100%.