Microsoft SC-300 - Microsoft Identity and Access Administrator Certification Exam
Question #1 (Topic: demo questions)
HOTSPOT Answer: You need to configure the assignment of Azure AD licenses to the Litware users. The solution must meet the licensing requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE:Each correct selection is worth one point.
Correct Answer: A
Explanation:
Azure AD Connect settings to modify: Directory Extensions allows you to extend the schema in Microsoft Entra ID (formerly Azure AD) with your own custom attributes from on-premises Active Directory. This is crucial when synchronization requires mapping specific attributes not available in the default schema.
Assign Azure AD licenses to: License assignment can be effectively automated by using An Azure Active Directory group that has the Dynamic User membership type. Dynamic user groups automatically add or remove members based on predefined attribute rules, ensuring licenses are scale-managed without manual intervention. Group-based licensing does not support nested groups.
Azure AD Connect settings to modify: Directory Extensions allows you to extend the schema in Microsoft Entra ID (formerly Azure AD) with your own custom attributes from on-premises Active Directory. This is crucial when synchronization requires mapping specific attributes not available in the default schema.
Assign Azure AD licenses to: License assignment can be effectively automated by using An Azure Active Directory group that has the Dynamic User membership type. Dynamic user groups automatically add or remove members based on predefined attribute rules, ensuring licenses are scale-managed without manual intervention. Group-based licensing does not support nested groups.
Litware recently added a custom user attribute namedLWLicensesto the litware.com Active Directory forest. Litware wants to manage the assignment of Azure AD licenses by modifying the value of theLWLicensesattribute. Users who have the appropriate value forLWLicensesmust be added automatically to a Microsoft 365 group that has the appropriate licenses assigned.
Question #2 (Topic: demo questions)
HOTSPOT You need to implement password restrictions to meet the authentication requirements. You install the Azure AD password Protection DC agent on DC1. What should you do next? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Correct Answer: A
Explanation:
Server1 On DC1
Question #3 (Topic: demo questions)
HOTSPOT You need to create the LWGroup1 group to meet the management requirements. How should you complete the dynamic membership rule? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You many need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Correct Answer: A
Explanation:
Null “Member”
Question #4 (Topic: demo questions)
You need to configure the MFA settings for users who connect from the Boston office. The solution must meet the authentication requirements and the access requirements. What should you configure
Correct Answer: B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition Location offer your country set, IP ranges MFA trusted IP and corporate network VPN gateway IP address: This is the public IP address of the VPN device for your on-premises network. The VPN device requires an IPv4 public IP address. Specify a valid public IP address for the VPN device to which you want to connect. It must be reachable by Azure Client Address space: List the IP address ranges that you want routed to the local on-premises network through this gateway. You can add multiple address space ranges. Make sure that the ranges you specify here do not overlap with ranges of other networks your virtual network connects to, or with the address ranges of the virtual network itself.
Question #5 (Topic: demo questions)
You need to meet the authentication requirements for leaked credentials. What should you do?
Correct Answer: C
Explanation:
"Configure the Azure AD Password Protection proxy service on:"
DC1 should not host the proxy service (unless it is also being used as a member server, which is not the recommended deployment).
Answer: B. Configure Azure AD Password Protection
Proxy Service Servers: SERVER1 and SERVER2.
"Configure the Azure AD Password Protection proxy service on:"
The relevant solution is:
✅ B. Configure Azure AD Password Protection
For Azure AD Password Protection:-
The proxy service is installed on member servers, not on domain controllers.
-
The DC agent is installed on all domain controllers.
Therefore, the proxy service should be configured on:
| Configure the Azure AD Password Protection proxy service on |
|---|
| SERVER1 |
| SERVER2 |
Answer: B. Configure Azure AD Password Protection
Proxy Service Servers: SERVER1 and SERVER2.