Microsoft Identity and Access Administrator (SC-300)

FREE Microsoft Identity and Access Administrator Certification Questions and Answers

0%

An Azure Active Directory (Azure AD) tenant and your Active Directory domain are synced. A VPN server that authenticates to the on-premises Active Directory domain is part of the on-premises network. The Azure Multi-Factor Authentication feature is NOT supported by the VPN server (MFA). You must suggest a method for enabling Azure MFA for VPN connections. What should the recommendation contain?

An Azure AD Password Protection proxy

Azure AD Application Proxy

A pass-through authentication proxy

Network Policy Server (NPS)

Correct! Wrong!

Your Azure Active Directory (Azure AD) tenancy already exists. To look into previous sign-ins, you must look via the Azure AD sign-ins log. How long are events kept in the sign-in log by Azure AD?

365 days

30 days

14 days

90 days

Correct! Wrong!

You set up a new Microsoft 365 tenant to utilize the contoso.com domain name by default. By utilizing conditional access restrictions, you must make sure that you have control over who has access to Microsoft 365 resources. What should you do first?

Disable Security defaults

Disable the User consent settings

Configure password protection for Windows Server Active Directory

Configure a multi-factor authentication (MFA) registration policy

Correct! Wrong!

Your business recently adopted Privileged Identity Management for Azure Active Directory (Azure AD) (PIM). You analyze the roles in PIM and find that all 15 employees in the company's IT division have permanent security administrator privileges. The IT department users should only have access to the Security administrator job when necessary, you must make sure. How should the Security administrator role assignment be configured?

Expire active assignments after from the Role settings details

Expire eligible assignments after from the Role settings details

Assignment type to Eligible

Assignment type to Active

Correct! Wrong!

You have a tenant called contoso.com in Azure Active Directory (Azure AD). At Fabrikam, Inc., you use entitlement management to grant users access to resources. The website fabrikam.com is operated by Fabrikam. Once access is no longer necessary, Fabrikam users must be automatically deleted from the tenant. The following settings require configuration:

- Block external users from signing in to this directory: No
- Remove external user: Yes
- Number of days before removing the external user from this directory: 90

What should you configure on the Identity Governance blade?

Terms of use

Access reviews

Access packages

Settings

Correct! Wrong!

You are a Premium P2 tenant of Azure Active Directory. You establish a workspace for Log Analytics. You must make sure that using Azure Monitor, you can access data from the Azure Active Directory (Azure AD) audit logs.
What should you do first?

Run the Get-AzureADAuditDirectoryLogs cmdlet

Modify the Diagnostics settings for Azure A

Create an Azure AD workbook

Run the Set-AzureADTenantDetail cmdlet

Correct! Wrong!

You have a tenant called contoso.com in Azure Active Directory (Azure AD). Policies governing conditional access are applied to all users that run applications that are registered in Azure AD. The users must not be allowed to use legacy authentication. What ought to be covered by the conditional access policies to weed out attempts at legacy authentication?

A sign-in risk condition

Cloud apps or actions condition

User risk condition

Client apps condition

Correct! Wrong!