SC-300 Exam Dumps - Microsoft Identity and Access Administrator
You have an Azure subscription that is linked to a Microsoft Entra tenant. The tenant contains a registered app named App1. You have a partner organization that has a Microsoft Entra tenant. The tenant contains a registered app named App2. You need to ensure that App1 can access App2.
Which two types of credentials can App1 use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
You have an Azure Active Directory (Azure AD) tenant.
You open the risk detections report.
Which risk detection type is classified as a user risk?
You configure a new Microsoft 365 tenant to use a default domain name of contoso.com.
You need to ensure that you can control access to Microsoft 365 resources by using conditional access
policies.
What should you do first?
Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
While you review the roles in PIM, you discover that all 15 users in the IT department at the company have
permanent security administrator rights.
You need to ensure that the IT department users only have access to the Security administrator role when
required.
What should you configure for the Security administrator role assignment?
You have an Azure Active Directory (Azure AD) tenant that has multi-factor authentication (MFA) enabled.
The account lockout settings are configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the users shown in the following table.
The users have the devices shown in the following table.
You create the following two Conditional Access policies:
• Name: CAPolicy1
• Assignments
o Users or workload identities: Group 1
o Cloud apps or actions: Office 365 SharePoint Online
o Conditions
â– Filter for devices: Exclude filtered devices from the policy
â– Rule syntax: device.displayName -starts With "Device*"
o Access controls
â– Grant: Block access
â– Session: 0 controls selected
o Enable policy: On
• Name: CAPolicy2
• Assignments
o Users or workload identities: Group2
o Cloud apps or actions: Office 365 SharePoint Online
o Conditions: 0 conditions selected
• Access controls
o Grant: Grant access
â– Require multifactor authentication
o Session:
0 controls selected
• Enable policy: On
All users confirm that they can successfully authenticate using MFA.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You need to implement password restrictions to meet the authentication requirements.
You install the Azure AD password Protection DC agent on DC1.
What should you do next? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to track application access assignments by using Identity Governance. The solution must meet the delegation requirements.
What should you do first?