Home
Microsoft
SC-300: Microsoft Identity and Access Administrator Dumps

Free Microsoft SC-300 Exam Dumps May 2026

Here you can find all the free questions related with Microsoft Identity and Access Administrator (SC-300) exam. You can also find on this page links to recently updated premium files with which you can practice for actual Microsoft Identity and Access Administrator Exam. These premium versions are provided as SC-300 exam practice tests, both as desktop software and browser based application, you can use whatever suits your style. Feel free to try the Microsoft Identity and Access Administrator Exam premium files for free, Good luck with your Microsoft Identity and Access Administrator Exam.

Question No: 1

MultipleChoice

You have an Azure AD tenant that has multi-factor authentication (MFA) enforced and self-service password reset (SSPR) enabled.

You enable combined registration in interrupt mode.

You create a new user named User1.

Which two authentication methods can User1 use to complete the combined registration process? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options

Aa FID02 security key

Ba hardware token

Ca one-time passcode email

DWindows Hello for Business

Ethe Microsoft Authenticator app

Answer
A, E

Question No: 2

MultipleChoice

You need to meet the authentication requirements for leaked credentials.

What should you do?

Options

AEnable federation with PingFederate in Azure AD Connect.

BConfigure Azure AD Password Protection.

CEnable password hash synchronization in Azure AD Connect.

DConfigure an authentication method policy in Azure AD.

Answer
CExplanation

https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity

Question No: 3

MultipleChoice

You have an Azure subscription that contains the users shown in the following table.

You need to implement Azure AD Privileged Identity Management (PIM).

Which users can use PIM to activate their role permissions?

Options

AAdmin! only

BAdmin2 only

CAdmin3 only

DAdmin1 and Admin2 only

EAdmin2 and Admin3 only

FAdmin1, Admin2, and Admin3

Answer
D

Question No: 4

MultipleChoice

You need to configure the MFA settings for users who connect from the Boston office. The solution must meet the authentication requirements and the access requirements. What should you configure?

Options

Anamed locations that have a private IP address range

Bnamed locations that have a public IP address range

Ctrusted IPs that have a public IP address range

Dtrusted IPs that have a private IP address range

Answer
BExplanation

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

Location offer your country set, IP ranges MFA trusted IP and corporate network VPN gateway IP address: This is the public IP address of the VPN device for your on-premises network. The VPN device requires an IPv4 public IP address. Specify a valid public IP address for the VPN device to which you want to connect. It must be reachable by Azure Client Address space: List the IP address ranges that you want routed to the local on-premises network through this gateway. You can add multiple address space ranges. Make sure that the ranges you specify here do not overlap with ranges of other networks your virtual network connects to, or with the address ranges of the virtual network itself.

Question No: 5

Hotspot

You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2 and the users shown in the following table

The subscription contains a Conditional Access policy that has the following settings:

* Name: Policy1

Target resources

* Include

* All cloud apps

* Access controls

* Grant

* Requite multifactor authentication

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Answer

Question No: 6

MultipleChoice

Task 4

You need to ensure that all users can consent to apps that require permission to read their user profile. Users must be prevented from consenting to apps that require any other permissions.

Options

ASee the Explanation for the complete step by step solution

Answer
AExplanation

To ensure that all users can consent to apps that require permission to read their user profile and prevent them from consenting to apps that require any other permissions, you can configure the user consent settings in the Microsoft Entra admin center. Here's how you can do it:

Access the Microsoft Entra admin center with Global Administrator privileges.

Navigate to user consent settings:

Go to Identity > Applications > Enterprise applications > Consent and permissions > User consent settings1.

Configure the consent settings:

Under User consent for applications, select the option that allows users to consent to apps that only require permission to read their user profile.

Ensure that all other permissions are set to require administrator consent, thus preventing users from consenting to apps that require additional permissions1.

Save the settings:

After configuring the consent settings, select Save to apply the changes.

By following these steps, you will have configured the system to allow user consent for apps that need to read the user profile while blocking consent for apps that require additional permissions. This setup helps maintain user autonomy where appropriate while safeguarding against unauthorized access to broader permissions.

Question No: 7

MultipleChoice

Task 3

You need to add the Linkedln application as a resource to the Sales and Marketing access package. The solution must NOT remove any other resources from the access package.

Options

ASee the Explanation for the complete step by step solution

Answer
AExplanation

To add the LinkedIn application as a resource to the Sales and Marketing access package without removing any other resources, you can follow these steps:

Ensure you have the role of Global Administrator or Identity Governance Administrator.

Navigate to Entitlement Management:

Go toIdentity governance>Entitlement management>Access packages1.

Select the Sales and Marketing access package:

Find and select theSales and Marketingaccess package to modify it.

Add a new resource:

Within the access package details, selectResources.

Click on+ Add resource.

Search for and select theLinkedInapplication from the list of available resources.

Configure the resource role:

Assign the appropriate role for the LinkedIn application that users in the Sales and Marketing access package will have.

Review and update the access package:

Ensure that the LinkedIn application has been added as a resource.

Confirm that no other resources have been removed from the access package.

Save the changes:

After reviewing, save the changes to the access package.

Communicate the update:

Notify the relevant users about the addition of the LinkedIn application to their access package.

By following these steps, you will successfully add the LinkedIn application to the Sales and Marketing access package without affecting the other resources.

Question No: 8

MultipleChoice

Task 1

You need to deploy multi factor authentication (MFA). The solution must meet the following requirements:

* Require MFA registration only for members of the Sg-Finance group.

* Exclude Debra Berger from having to register for MFA.

* Implement the solution without using a Conditional Access policy.

Options

ASee the Explanation for the complete step by step solution

Answer
AExplanation

To deploy Multi-Factor Authentication (MFA) for only the members of the Sg-Finance group, excluding Debra Berger, and without using a Conditional Access policy, you can follow these steps:

Open the Microsoft Entra admin center:

Navigate to MFA settings:

Go toUsers>Active users.

On theActive userspage, selectMulti-factor authentication.

Manage user settings:

Find and select theSg-Financegroup.

Enable MFA for this group by setting therequirement statustoEnabled.

Exclude a user from MFA:

In theMulti-factor authenticationpage, search forDebra Berger.

Set her MFA status toDisabledto exclude her from MFA registration.

Verify the configuration:

Ensure that all members of the Sg-Finance group have MFA enabled except for Debra Berger.

Communicate the change:

Inform the Sg-Finance group members about the MFA requirement and provide instructions on how to register for MFA.

Monitor the setup:

Check the sign-in logs to confirm that MFA is being prompted for the Sg-Finance group members and not for Debra Berger.

Question No: 9

MultipleChoice

Task 2

You need to implement a process to review guest users who have access to the Salesforce app. The review must meet the following requirements:

* The reviews must occur monthly.

* The manager of each guest user must review the access.

* If the reviews are NOT completed within five days, access must be removed.

* If the guest user does not have a manager, Megan Bowen must review the access.

Options

ASee the Explanation for the complete step by step solution

Answer
AExplanation

To implement a process for reviewing guest users' access to the Salesforce app with the specified requirements, you can use Microsoft Entra's Identity Governance access reviews feature. Here's a step-by-step guide:

Assign the appropriate role:

Ensure you have one of the following roles: Global Administrator, User Administrator, or Identity Governance Administrator1.

Navigate to Identity Governance:

Go to Identity governance > Access reviews1.

Create a new access review:

Select New access review.

Choose the Salesforce app to review guest user access1.

Configure the review settings:

Set the frequency of the review to monthly.

Define the duration of the review period to 5 days1.

Determine the reviewers:

Assign the manager of each guest user as the reviewer.

If a guest user does not have a manager, assign Megan Bowen as the reviewer1.

Automate the removal process:

Configure settings to automatically remove access if the review is not completed within the specified time frame1.

Monitor and enforce compliance:

Regularly check the access review results to ensure compliance with the review policy1.

Communicate the process:

Inform all stakeholders about the new review process and provide guidance on how to complete the reviews.

By following these steps, you can ensure that guest users' access to the Salesforce app is reviewed monthly, with managers being responsible for the review, and access is removed if the review is not completed in time.

Question No: 10

Hotspot

You have an Azure Active Directory (Azure AD) tenant that has an Azure Active Directory Premium Plan 2 license. The tenant contains the users shown in the following table.

You have the Device Settings shown in the following exhibit.

User1 has the devices shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

An additional local device administrator has not been applied

Answer

Explanation

https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal

Question No: 11

MultipleChoice

You need to resolve the issue of IT.Group1. What should you do first?

Options

ARecreate the IT_Group 1 group.

BChange Membership type of IT.Group1 to Dynamic Device

CAdd an owner to IT_Group1.

DChange Membership type of IT.Group1 to Dynamic User

Answer
B

Question No: 12

Hotspot

Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant.

The tenant contains the groups shown in the following table.

The tenant contains the users shown in the following table.

Answer

Question No: 13

Hotspot

You have a Microsoft 365 tenant that contains a group named Group1 as shown in the Group1 exhibit. (Click the Group1 tab.)

You create an enterprise application named App1 as shown in the App1 Properties exhibit. (Click the App1 Properties tab.)

You configure self-service for App1 as shown in the App1 Self-service exhibit. (Click the App1 Self-service tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Answer

Explanation

a) https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/assign-user-or-group-access-portal

b) maybe https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-manage-groups

c) https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-properties#visible-to-users

Question No: 14

Hotspot

You have a Microsoft 365 tenant that contains a group named Group1 as shown in the Group1 exhibit. (Click the Group1 tab.)

You create an enterprise application named App1 as shown in the App1 Properties exhibit. (Click the App1 Properties tab.)

You configure self-service for App1 as shown in the App1 Self-service exhibit. (Click the App1 Self-service tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Reference

a) https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/assign-user-or-group-access-portal

b) maybe https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-manage-groups

c) https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-properties#visible-to-users

Answer

Question No: 15

MultipleChoice

You need to implement the planned changes for Package!. Which users can create and manage the access review?

Options

AUser3 only

BUser4 only

CUser5 only

DUser3 and User4

EUser3 and User5

FUser4and User5

Answer
C

Question No: 16

Hotspot

User1 is assigned the User Administrator role.

You need to configure External collaboration settings for the tenant to meet the following requirements: |

*Guest users must be prevented from querying staff email addresses.

*Guest users must be able to access the tenant only if they are invited by User1.

Which three settings should you configure? To answer, select the appropriate settings in the answer area.

Answer

Question No: 17

Hotspot

You have an Azure Active Directory (Azure AD) tenant that has an Azure Active Directory Premium Plan 2 license. The tenant contains the users shown in the following table.

You have the Device Settings shown in the following exhibit.

User1 has the devices shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Answer

Explanation

https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal

Question No: 18

Hotspot

You have an Azure AD tenant that contains a user named User1. User1 is assigned the User Administrator role.

You need to configure External collaboration settings for the tenant to meet the following requirements: |

*Guest users must be prevented from querying staff email addresses.

*Guest users must be able to access the tenant only if they are invited by User1.

Which three settings should you configure? To answer, select the appropriate settings in the answer area.

Answer

Question No: 19

Hotspot

You need to create the LWGroup1 group to meet the management requirements.

How should you complete the dynamic membership rule? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You many need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.