SC-300 Cheat Sheet 2026

The 30 highest-yield SC-300 facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

50 questions
100 min time limit
70.00% to pass
  1. Which Conditional Access control can restrict what users can do within a cloud application session without blocking access entirely? Session control: Use Conditional Access App Control
  2. Which Identity Protection configuration setting controls the percentage of the organization's users who must be covered by the MFA registration policy? Users scope — All users or specific groups
  3. Which report in Azure AD helps administrators identify users who have NOT registered for MFA? Authentication methods activity report
  4. What is the minimum number of authentication methods a user must register when SSPR is configured to require 2 methods? 2
  5. Which Entitlement Management feature allows users from partner organizations with a different Azure AD tenant to request access packages? Connected organizations
  6. Which of the following authentication methods supports SMS as a verification option in Azure AD? Self-Service Password Reset (SSPR)
  7. Which Azure AD feature allows bulk invitation of multiple guest users by uploading a CSV file? Bulk invite users feature in the Azure portal
  8. Which Azure AD feature allows users to reset their own passwords without contacting the helpdesk? Self-Service Password Reset (SSPR)
  9. An administrator configures a Conditional Access policy with the 'Require approved client app' grant control. Which scenario will this control block? A user accessing Exchange Online from a native mail app that is not Intune-managed
  10. A Privileged Role Administrator wants to prevent any user from having a permanent eligible Global Administrator assignment. Which PIM setting enforces this? Set assignment expiration for eligible assignments
  11. A Conditional Access policy is set to 'Report-only' mode. What is the effect on users? Policy evaluates but does not enforce; results are logged only
  12. What action does 'Apply results' perform at the end of an Access Review? It implements the decisions made during the review by adding or removing access
  13. An administrator needs to extend a user's expiring eligible role assignment without having the user re-activate. Which PIM action should the administrator take? Update the existing assignment's end date using the 'Extend' option
  14. In PIM for Azure resources, which assignment type makes a user a permanent owner of a resource without any activation required? Active assignment
  15. A user successfully completes SSPR to reset their password after being flagged by Identity Protection. What is the result on their user risk level? User risk is automatically remediated and reset to none
  16. An administrator enables Azure AD Security Defaults. Which statement about Security Defaults and MFA is correct? Security Defaults enforce MFA for all users and block legacy authentication protocols
  17. Which named location type in Conditional Access allows you to specify trusted locations using IP ranges? IP ranges location
  18. To achieve the monitoring criteria, you must configure the detection of many staged attacks. What should you do? Add Azure Sentinel data connectors.
  19. When an external user accepts a B2B collaboration invitation, what type of account is created in the inviting organization's Azure AD tenant? A guest user account (UserType = Guest)
  20. In an Access Review configured for group members, who can be designated as reviewers? Group owners, selected reviewers, members themselves, or managers of members
  21. A security team wants to require that users provide a support ticket number when activating the Security Administrator role. Which PIM setting enables this? Require ticket information on activation
  22. Which Identity Protection policy automatically blocks or requires MFA for sign-ins that are detected as medium or high risk? Sign-in risk policy
  23. An access package policy is configured with a 14-day expiration and no renewal. What happens to a user's access when the assignment expires? Access is automatically removed from all resources included in the access package
  24. An administrator configures Authentication Strengths in Azure AD Conditional Access. What do Authentication Strengths define? A combination of authentication methods that must be satisfied to access a resource
  25. A company wants to automatically force a password reset for any user whose risk level reaches 'High'. Which Identity Protection configuration achieves this? Configure the user risk policy to require password change at high risk
  26. Which feature in Access Reviews allows a reviewer to look at a decision made by another reviewer and override it during the review period? Multi-stage reviews
  27. What minimum Azure AD license is required to use Privileged Identity Management? Azure AD Premium P2
  28. In Entitlement Management, what happens when a connected organization user is no longer a member of the connected organization? Their assignments can be automatically removed based on the policy's expiration settings
  29. A user with an eligible Global Administrator role wants to activate it. They are not prompted for MFA during activation. What is the most likely cause? The 'Require Azure MFA on activation' setting is disabled for the role
  30. Which risk detection in Identity Protection is triggered when a user's credentials appear in a publicly disclosed data breach? Leaked credentials
Turn these facts into recall: