SIMULATION
Task 10
You need to create a group named Audit. The solution must ensure that the members of Audit can activate the Security Reader role.
Answer : A
To create a group named "Audit" and ensure that its members can activate the Security Reader role, follow these steps:
Open the Microsoft Entra admin center:
Sign in with an account that has the Security Administrator or Global Administrator role.
Navigate to Groups:
Go to Teams & groups > Active teams and groups.
Create the security group:
Select Add a security group.
On the Set up the basics page, enter "Audit" as the group name.
Add a description if necessary and choose Next.
Edit settings:
Assign roles:
After creating the group, go to Roles > All roles.
Find and select the Security Reader role.
Under Assignments, choose Assign.
Select the "Audit" group to assign the role to its members.
Review and finish:
Review the settings to ensure the "Audit" group is created with the ability for its members to activate the Security Reader role.
Finish the setup and save the changes.
By following these steps, you will have created the "Audit" group and enabled its members to activate the Security Reader role, which allows them to view security-related information without having permissions to change it. Remember to communicate the new group and role assignment to the relevant stakeholders in your organization.
SIMULATION
Task 8
You need to prevent all users from using legacy authentication protocols when authenticating to Microsoft Entra ID.
Answer : A
To prevent all users from using legacy authentication protocols when authenticating to Microsoft Entra ID, you can create a Conditional Access policy that blocks legacy authentication. Here's how to do it:
Sign in to the Microsoft Entra admin center:
Ensure you have the role of Global Administrator or Conditional Access Administrator.
Navigate to Conditional Access:
Go to Security > Conditional Access.
Create a new policy:
Select + New policy.
Give your policy a name that reflects its purpose, like "Block Legacy Auth".
Set users and groups:
Under Assignments, select Users or workload identities.
Under Include, select All users.
Target resources:
Under Cloud apps or actions, select All cloud apps.
Set conditions:
Under Conditions > Client apps, set Configure to Yes.
Check only the boxes for Exchange ActiveSync clients and Other clients.
Configure access controls:
Under Access controls > Grant, select Block access.
Enable policy:
Confirm your settings and set Enable policy to Report-only initially to understand the impact.
By following these steps, you will block legacy authentication protocols for all users, enhancing the security posture of your organization by requiring modern authentication methods. Remember to monitor the impact of this policy and adjust as necessary to ensure business continuity.
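An added example, not part of the original answer: a Python check that audits exported Conditional Access policies for the settings chosen in the steps above, including the Report-only state, which logs but does not block. The two policies are constructed samples in the shape of Microsoft Graph conditionalAccessPolicy objects; their names and the excluded object ID are placeholders.

```python
import json

# Constructed sample export: two policies shaped like Microsoft Graph
# conditionalAccessPolicy objects. Names and IDs are placeholders.
SAMPLE_EXPORT = json.loads("""[
 {"displayName": "Block Legacy Auth", "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"]},
                 "applications": {"includeApplications": ["All"]},
                 "clientAppTypes": ["exchangeActiveSync", "other"]},
  "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
 {"displayName": "Block Legacy Auth (pilot)", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"],
                           "excludeUsers": ["<break-glass-object-id>"]},
                 "applications": {"includeApplications": ["All"]},
                 "clientAppTypes": ["other"]},
  "grantControls": {"operator": "OR", "builtInControls": ["block"]}}
]""")

# Graph values for the "Exchange ActiveSync clients" and "Other clients" boxes.
LEGACY_CLIENT_TYPES = {"exchangeActiveSync", "other"}


def audit_legacy_auth_block(policy):
    """Return findings for one policy; an empty list means the block is enforced."""
    findings = []
    cond = policy.get("conditions", {})
    users = cond.get("users", {})
    grant = policy.get("grantControls") or {}
    if "block" not in grant.get("builtInControls", []):
        findings.append("grant control is not Block access")
    missing = LEGACY_CLIENT_TYPES - set(cond.get("clientAppTypes", []))
    if missing:
        findings.append("client app types not covered: " + ", ".join(sorted(missing)))
    if "All" not in users.get("includeUsers", []):
        findings.append("policy does not include All users")
    if "All" not in cond.get("applications", {}).get("includeApplications", []):
        findings.append("policy does not include All cloud apps")
    excluded = [x for key in ("excludeUsers", "excludeGroups", "excludeRoles")
                for x in users.get(key, [])]
    if excluded:
        findings.append(f"{len(excluded)} exclusion(s) can still use legacy authentication")
    state = policy.get("state")
    if state != "enabled":
        findings.append(f"state is {state!r}, so the block is not enforced")
    return findings


def audit_export(policies):
    """Map each policy's display name to its list of findings."""
    return {p["displayName"]: audit_legacy_auth_block(p) for p in policies}
```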
SIMULATION
Task 7
You need to lock out accounts for five minutes when they have 10 failed sign-in attempts.
Answer : A
To configure the account lockout settings so that accounts are locked out for five minutes after 10 failed sign-in attempts, you can follow these steps:
Open the Microsoft Entra admin center:
Sign in with an account that has the Security Administrator or Global Administrator role.
Navigate to the lockout settings:
Go to Security > Authentication methods > Password protection.
Adjust the Smart Lockout settings:
Set the Lockout threshold to 10 failed sign-in attempts.
Set the Lockout duration (in minutes) to 5.
SIMULATION
Task 6
You need to implement additional security checks before the members of the Sg-Executive group can access any company apps. The members must meet one of the following conditions:
* Connect by using a device that is marked as compliant by Microsoft Intune.
* Connect by using client apps that are protected by app protection policies.
Answer : A
To implement additional security checks for the Sg-Executive group members before they can access any company apps, you can use Conditional Access policies in Microsoft Entra. Here's a step-by-step guide:
Sign in to the Microsoft Entra admin center:
Ensure you have the role of Global Administrator or Security Administrator.
Navigate to Conditional Access:
Go to Security > Conditional Access.
Create a new policy:
Select + New policy.
Name the policy appropriately, such as "Sg-Executive Security Checks".
Assign the policy to the Sg-Executive group:
Under Assignments, select Users and groups.
Choose Select users and groups and then Groups.
Search for and select the Sg-Executive group.
Define the application control conditions:
Under Cloud apps or actions, select All cloud apps to apply the policy to any company app.
Set the device compliance requirement:
Under Conditions > Device state, configure the policy to include devices marked as compliant by Microsoft Intune.
Set the app protection policy requirement:
Under Conditions > Client apps, configure the policy to include client apps that are protected by app protection policies.
Configure the access controls:
Under Access controls > Grant, select Grant access.
Choose Require device to be marked as compliant and Require approved client app.
Ensure that the option Require one of the selected controls is enabled.
Enable the policy:
Set Enable policy to On.
Review and save the policy:
Review all settings to ensure they meet the requirements.
Click Create to save and implement the policy.
By following these steps, you will ensure that the Sg-Executive group members can only access company apps if they meet one of the specified conditions, either by using a compliant device or a protected client app. This enhances the security posture of your organization by enforcing stricter access controls for executive-level users.
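An added example, not part of the original answer: a simplified Python model of how the grant controls selected above are evaluated, showing why "Require one of the selected controls" (operator OR) matters compared with requiring all of them (AND). The policy is a constructed object in Microsoft Graph conditionalAccessPolicy shape using the two controls named in the steps (compliantDevice, approvedApplication); the group ID and the sign-ins are placeholders, and real evaluation considers more conditions than this model does.

```python
import copy

# Constructed policy mirroring the steps above. The group ID is a placeholder.
SG_EXECUTIVE_ID = "<Sg-Executive-object-id>"
POLICY = {
    "displayName": "Sg-Executive Security Checks",
    "state": "enabled",
    "conditions": {"users": {"includeGroups": [SG_EXECUTIVE_ID]},
                   "applications": {"includeApplications": ["All"]}},
    "grantControls": {"operator": "OR",
                      "builtInControls": ["compliantDevice", "approvedApplication"]},
}

# Constructed sign-ins: group membership plus the controls each one satisfies.
EXEC_ON_COMPLIANT_DEVICE = {"groups": [SG_EXECUTIVE_ID], "satisfied": ["compliantDevice"]}
EXEC_ON_UNMANAGED_BROWSER = {"groups": [SG_EXECUTIVE_ID], "satisfied": []}
NON_EXEC_USER = {"groups": ["<other-group-id>"], "satisfied": []}


def evaluate(policy, signin):
    """Return 'notApplied', 'grant' or 'block' for one sign-in (simplified model)."""
    if policy["state"] != "enabled":
        return "notApplied"  # report-only and disabled policies do not enforce
    in_scope = set(policy["conditions"]["users"].get("includeGroups", []))
    if not in_scope & set(signin["groups"]):
        return "notApplied"  # user is not a member of a targeted group
    required = set(policy["grantControls"]["builtInControls"])
    satisfied = required & set(signin["satisfied"])
    if policy["grantControls"]["operator"] == "OR":
        allowed = bool(satisfied)        # require one of the selected controls
    else:
        allowed = satisfied == required  # "AND": require all selected controls
    return "grant" if allowed else "block"


def with_operator(policy, operator):
    """Copy of the policy with a different grant operator, for comparison."""
    changed = copy.deepcopy(policy)
    changed["grantControls"]["operator"] = operator
    return changed
```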
SIMULATION
Task 5
You need to assign a Windows 10/11 Enterprise E3 license to the Sg-Retail group.
Answer : A
To assign a Windows 10/11 Enterprise E3 license to the Sg-Retail group, you can follow these steps:
Sign in to the Microsoft Entra admin center:
Make sure you have the role of Global Administrator or License Administrator.
Navigate to the licensing page:
Find the Windows 10/11 Enterprise E3 license:
Look for the Windows 10/11 Enterprise E3 license in the list of available products.
Assign licenses to the group:
Select the license and then choose Assign licenses.
Search for and select the Sg-Retail group.
Confirm the assignment and make sure that the correct number of licenses is available for the group.
Review and confirm the assignment:
Ensure that the licenses have been properly assigned to the Sg-Retail group without affecting other groups or users.
Monitor the license status:
Check the license usage and status to ensure that the Sg-Retail group members can utilize the Windows 10/11 Enterprise E3 features.
By following these steps, the Sg-Retail group should now have the Windows 10/11 Enterprise E3 licenses assigned to them.
You have a Microsoft Entra tenant.
You need to create a Conditional Access policy to manage administrative access to the tenant. The solution must ensure that administrators are authenticated by using a phishing-resistant multi-factor authentication (MFA) method.
Which three authentication methods should you include in the solution? Each correct answer presents a complete solution.
Answer : A, B, C
You have an Azure subscription that contains a user-assigned managed identity named Managed1 in the East US Azure region. The subscription contains the resources shown in the following table.
Which resources can use Managed1 as their identity?
Answer : D