Certs Club
Home
Oracle Microsoft Cisco CompTIA Salesforce Amazon AACE International Acams Anthropic Apple View All Vendors →
Login Register

Microsoft SC-300 - Microsoft Identity and Access Administrator Certification Exam

Download Exam View Entire Exam
Page: 1 / 1
Question #1 (Topic: demo questions)

HOTSPOT Answer: You need to configure the assignment of Azure AD licenses to the Litware users. The solution must meet the licensing requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE:Each correct selection is worth one point. 

A.
Configuration OptionCorrect Selection
Azure AD Connect settings to modify:Directory Extensions
Assign Azure AD licenses to:An Azure Active Directory group that has the Dynamic User membership type
Correct Answer: A
Explanation:
  • Azure AD Connect settings to modify: Directory Extensions allows you to extend the schema in Microsoft Entra ID (formerly Azure AD) with your own custom attributes from on-premises Active Directory. This is crucial when synchronization requires mapping specific attributes not available in the default schema.

  • Assign Azure AD licenses to: License assignment can be effectively automated by using An Azure Active Directory group that has the Dynamic User membership type. Dynamic user groups automatically add or remove members based on predefined attribute rules, ensuring licenses are scale-managed without manual intervention. Group-based licensing does not support nested groups.

Litware recently added a custom user attribute namedLWLicensesto the litware.com Active Directory forest. Litware wants to manage the assignment of Azure AD licenses by modifying the value of theLWLicensesattribute. Users who have the appropriate value forLWLicensesmust be added automatically to a Microsoft 365 group that has the appropriate licenses assigned.
Question #2 (Topic: demo questions)

HOTSPOT You need to implement password restrictions to meet the authentication requirements. You install the Azure AD password Protection DC agent on DC1. What should you do next? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. 

A.
Based on the image, the answer area can be represented as this table:
Configure the Azure AD Password Protection proxy service on:
DC1
SERVER1
SERVER2
And the dropdown options visible are:
Available Options
All DCs
On DC1
On SERVER1
On SERVER2
If you need it in an exam-style answer table:
Configuration ItemSelected Server
Azure AD Password Protection proxy serviceDC1 / SERVER1 / SERVER2 (select from dropdown)

Correct Answer: A
Explanation:
Server1 On DC1 
Question #3 (Topic: demo questions)

HOTSPOT You need to create the LWGroup1 group to meet the management requirements. How should you complete the dynamic membership rule? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You many need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

A.
(user.objectId -ne null) and (user.userType -eq "Guest")
Selected Drop-Down Values
Drop-Down SectionCorrect SelectionDescription
First Drop-down (user.objectId -ne)nullThe object ID of a valid user account is never null. Checking -ne null (not equal to null) validates that the object exists.
Second Drop-down (user.userType -eq)"Guest"This filters the membership specifically to target user accounts designated with the "Guest" user type.
Correct Answer: A
Explanation:
Null “Member” 
Question #4 (Topic: demo questions)

You need to configure the MFA settings for users who connect from the Boston office. The solution must meet the authentication requirements and the access requirements. What should you configure

A.
named locations that have a private IP address range
B.
named locations that have a public IP address range
C.
trusted IPs that have a public IP address range
D.
trusted IPs that have a private IP address range
Correct Answer: B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition Location offer your country set, IP ranges MFA trusted IP and corporate network VPN gateway IP address: This is the public IP address of the VPN device for your on-premises network. The VPN device requires an IPv4 public IP address. Specify a valid public IP address for the VPN device to which you want to connect. It must be reachable by Azure Client Address space: List the IP address ranges that you want routed to the local on-premises network through this gateway. You can add multiple address space ranges. Make sure that the ranges you specify here do not overlap with ranges of other networks your virtual network connects to, or with the address ranges of the virtual network itself.
Question #5 (Topic: demo questions)

You need to meet the authentication requirements for leaked credentials. What should you do?

A.
Enable federation with PingFederate in Azure AD Connect
B.
Configure Azure AD Password Protection.
C.
Enable password hash synchronization in Azure AD Connect.
D.
Configure an authentication method policy in Azure AD.
Correct Answer: C
Explanation:
"Configure the Azure AD Password Protection proxy service on:"
The relevant solution is:
B. Configure Azure AD Password Protection
For Azure AD Password Protection:
  • The proxy service is installed on member servers, not on domain controllers.
  • The DC agent is installed on all domain controllers.
Therefore, the proxy service should be configured on:
Configure the Azure AD Password Protection proxy service on
SERVER1
SERVER2
DC1 should not host the proxy service (unless it is also being used as a member server, which is not the recommended deployment).
Answer: B. Configure Azure AD Password Protection
Proxy Service Servers: SERVER1 and SERVER2.

Download Exam
Page: 1 / 1
Next Page