Microsoft Identity and Access Administrator SC-300 Quiz Questions and Answers

You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant. You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes. You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD. Solution: You configure password writeback. Does this meet the goal?

Answer :
  • No

You have a Microsoft 365 tenant. The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain. Users connect to the internet by using a hardware firewall at your company. The users authenticate to the firewall by using their Active Directory credentials. You plan to manage access to external applications by using Azure AD. You need to use the firewall logs to create a list of unmanaged external applications and the users who access them. What should you use to gather the information?

Answer :
  •  Cloud App Discovery in Microsoft Cloud App Security

You have an Azure Active Directory (Azure AD) tenant named contoso.com that has Azure AD Identity Protection enabled. You need to implement a sign-in risk remediation policy without blocking user access. What should you do first?

Answer :
  •  Implement multi-factor authentication (MFA) for all users.

You have an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to bulk invite Azure AD business-to-business (B2B) collaboration users. Which two parameters must you include when you create the bulk invite?

Answer :
  • email address
  • redirection URL

You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant. You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes. You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD. Solution: You configure password writeback. Does this meet the goal?

Answer :
  • No

You have an Azure Active Directory (Azure AD) tenant. You need to review the Azure AD sign-in logs to investigate sign-ins that occurred in the past. For how long does Azure AD store events in the sign-in logs?

Answer :
  • 30 days

You have an Azure Active Directory (Azure AD) tenant named contoso.com that has Azure AD Identity Protection policies enforced. You create an Azure Sentinel instance and configure the Azure Active Directory connector. You need to ensure that Azure Sentinel can generate incidents based on the risk alerts raised by Azure AD Identity Protection. What should you do first?

Answer :
  • Add an Azure Sentinel data connector.

You have an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to bulk invite Azure AD business-to-business (B2B) collaboration users. Which two parameters must you include when you create the bulk invite?

Answer :
  • email address
  • redirection URL

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD enterprise application named App1. A contractor uses the credentials of user1@outlook.com. You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as user1@outlook.com. What should you do?

Answer :
  • Create a guest user account in contoso.com.

You have an Azure Active Directory (Azure AD) tenant named contoso.com. All users who run applications registered in Azure AD are subject to conditional access policies. You need to prevent the users from using legacy authentication. What should you include in the conditional access policies to filter out legacy authentication attempts?

Answer :
  • a client apps condition