SC-300 Exam Details

  • Exam Code
    :SC-300
  • Exam Name
    :Microsoft Identity and Access Administrator
  • Certification
    :Microsoft Certifications
  • Vendor
    :Microsoft
  • Total Questions
    :465 Q&As
  • Last Updated
    :Jul 09, 2026

Microsoft SC-300 Online Questions & Answers

  • Question 391:

    HOTSPOT

    You have an Azure subscription.

    You need to create two custom roles named Role1 and Role2.

    The solution must meet the following requirements:

    1. Users that are assigned Role1 can manage application security groups.

    2. Users that are assigned Role2 can manage Azure Firewall.

    Which resource provider permissions are required for each role? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 392:

    You have an Azure Active Directory (Azure AD) tenant that uses Azure AD Identity Protection and contains the resources shown in the following table.

    Azure Multi-factor Authentication (MFA) is enabled for all users.

    User1 triggers a medium severity alert that requires additional investigation.

    You need to force User1 to reset his password the next time he signs in.

    The solution must minimize administrative effort.

    What should you do?

    A. Reconfigure the user risk, policy to trigger on medium or low severity.
    B. Mark User1 as compromised.
    C. Reset the Azure MIFA registration for User1.
    D. Configure a sign-in risk policy.

  • Question 393:

    You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1.

    You need to enable Microsoft Defender for Cloud Apps session control for Site1.

    Which type of policy should you create first?

    A. access
    B. app governance
    C. session
    D. Conditional Access

  • Question 394:

    HOTSPOT

    You have an Azure subscription named Sub1 that contains a storage account named storage1.

    You need to deploy two apps named App1 and App2 that will have the following configurations:

    1. App1 will be deployed as a registered app in Sub1.

    2. App1 will access storage1 by using Microsoft Entra authentication.

    3. App2 will access storage1 by using a single Microsoft Entra identity.

    4. App2 be hosted on two new virtual machines named VM1 and VM2.

    The solution must minimize administrative effort.

    Which type of identity will each app use to access storage1? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

  • Question 395:

    You have a Microsoft 365 E5 subscription that contains a user named User1. User1 is eligible for the Application Administrator role.

    User1 needs to configure a new connector group for an application proxy.

    What should you use to activate the role for User1?

    A. the Microsoft 365 Defender portal
    B. the Microsoft 365 admin center
    C. the Microsoft Intune admin center
    D. the Microsoft Entra admin center

  • Question 396:

    SIMULATION

    You need to prevent all users from using legacy authentication protocols when authenticating to Microsoft Entra ID.

    A. See the Explanation Below
    B. PlaceHolder
    C. PlaceHolder
    D. PlaceHolder

  • Question 397:

    You have an Azure AD tenant.

    You plan to implement Azure AD Privileged Identity Management (PIM).

    Which roles can you manage by using PIM?

    A. Global Administrator only
    B. Global Administrator and Security Administrator only
    C. Global Administrator, Security Administrator, and Security Contributor only
    D. Account Administrator, Global Administrator, Security Administrator, and Security Contributor only

  • Question 398:

    You have an Azure subscription named Sub1 that uses Microsoft Entra Permissions Management. Sub1 contains a user named User1. User1 is granted multiple permissions across Sub1.

    You need to replace all the permissions granted to User1 with read-only permissions. The solution must minimize administrative effort.

    What should you do on the Remediation tab in Permissions Management?

    A. From the Role/Policy Template subtab, create a template.
    B. From the My Requests subtab, create a new request.
    C. From the Roles/Policies subtab, create a role.
    D. From the Permissions subtab, use a quick action.

  • Question 399:

    HOTSPOT

    You have a Microsoft 365 E5 subscription that has a Conditional Access policy named Policy1.

    You need to perform the following actions:

    Create a Conditional Access App Control custom policy named Custom1. Configure Policy1 to use Custom1.

    What should you use to create Custom1, and in which settings of Policy1 should you enable Conditional Access App Control? To answer, select the appropriate options in the answer area,

    NOTE: Each correct selection is worth one point.

  • Question 400:

    You have a Microsoft Entra tenant with Privileged Identity Management (PIM).

    You need to ensure that users activate roles only when required.

    What should you configure?

    A. Active assignment
    B. Eligible assignment
    C. Permanent assignment
    D. Group-based assignment

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-300 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.