SC-300 Practice Test Free – 50 Questions to Test Your Knowledge
Are you preparing for the SC-300 certification exam? If so, taking a SC-300 practice test free is one of the best ways to assess your knowledge and improve your chances of passing. In this post, we provide 50 free SC-300 practice questions designed to help you test your skills and identify areas for improvement.
By taking a free SC-300 practice test, you can:
- Familiarize yourself with the exam format and question types
- Identify your strengths and weaknesses
- Gain confidence before the actual exam
50 Free SC-300 Practice Questions
Below, you will find 50 free SC-300 practice questions to help you prepare for the exam. These questions are designed to reflect the real exam structure and difficulty level.
HOTSPOT - You have an Azure Active Directory (Azure AD) tenant that contains three users named User1, User2, and User3. You create a group named Group1. You add User2 and User3 to Group1. You configure a role in Azure AD Privileged Identity Management (PIM) as shown in the Application Administrator exhibit. (Click the Application Administrator tab.)Group1 is configured as the approver for the Application administrator role. You configure User2 to be eligible for the Application administrator role. For User1 you add an assignment to the Application administrator role as shown in the Assignment exhibit. (Click the Assignment tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You need to allocate licenses to the new users from ADatum. The solution must meet the technical requirements. Which type of object should you create?
A. a Dynamic User security group
B. a distribution group
C. an OU
D. an administrative unit
HOTSPOT - You need to support the planned changes and meet the technical requirements for MFA. Which feature should you use, and how long before the users must complete the registration? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You need to meet the planned changes and technical requirements for App1. What should you implement?
A. a policy set in Microsoft Endpoint Manager
B. an app configuration policy in Microsoft Endpoint Manager
C. an app registration in Azure AD
D. Azure AD Application Proxy
HOTSPOT - You need to configure app registration in Azure AD to meet the delegation requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You need to sync the ADatum users. The solution must meet the technical requirements. What should you do?
A. From the Microsoft Azure Active Directory Connect wizard, select Customize synchronization options.
B. From PowerShell, run Set-ADSyncScheduler.
C. From PowerShell, run Start-ADSyncSyncCycle.
D. From the Microsoft Azure Active Directory Connect wizard, select Change user sign-in.
HOTSPOT - You need to identify which roles to use for managing role assignments. The solution must meet the delegation requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
A company uses Dynamics 365 Supply Chain Management master planning. The company plans to run master planning throughout the day. Planning Optimization is not configured. The company administrator reports that they are not able to configure any master planning features or enable master planning in Dynamics 365. You need to implement Planning Optimization. What should you do first?
A. Place the environment into maintenance mode.
B. Deallocate the current environment.
C. Enable the Planning Optimization configuration key.
D. Set the value of the Use Planning Optimization field to yes.
E. Activate the Planning Optimization license.
You need to meet the authentication requirements for leaked credentials. What should you do?
A. Enable password hash synchronization in Azure AD Connect.
B. Configure Azure AD Password Protection.
C. Configure an authentication method policy in Azure AD.
D. Enable federation with PingFederate in Azure AD Connect.
HOTSPOT - You need to implement on-premises application and SharePoint Online restrictions to meet the authentication requirements and the access requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You need to resolve the issue of the guest user invitations. What should you do for the Azure AD tenant?
A. Configure the Continuous access evaluation settings.
B. Configure a Conditional Access policy.
C. Configure the Access reviews settings.
D. Modify the External collaboration settings.
You have a Microsoft 365 tenant. In Azure Active Directory (Azure AD), you configure the terms of use. You need to ensure that only users who accept the terms of use can access the resources in the tenant. Other users must be denied access. What should you configure?
A. an access policy in Microsoft Cloud App Security.
B. Terms and conditions in Microsoft Endpoint Manager.
C. a conditional access policy in Azure AD
D. a compliance policy in Microsoft Endpoint Manager
You need to sync the ADatum users. The solution must meet the technical requirements. What should you do?
A. From the Microsoft Azure Active Directory Connect wizard, select Customize synchronization options.
B. From PowerShell, run Set-ADSyncScheduler.
C. From PowerShell, run Start-ADSyncSyncCycle.
D. From the Microsoft Azure Active Directory Connect wizard, select Change user sign-in.
You need to resolve the issue of the sales department users. What should you configure for the Azure AD tenant?
A. the Device settings
B. the Access reviews settings
C. the User settings
D. Security defaults
HOTSPOT - How should the access be setup to the on-premises applications? Hot Area:
HOTSPOT - You need to meet the technical requirements for license management by the helpdesk administrators. What should you create first, and which tool should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.Which objects can you add as eligible in Azure AD Privileged Identity Management (PIM) for an Azure AD role?
A. User1, Guest1, and Identity1
B. User1 and Guest1 only
C. User1 only
D. User1 and Identity1 only
You have a Microsoft 365 tenant. The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain. You plan to create an emergency-access administrative account named Emergency1. Emergency1 will be assigned the Global administrator role in Azure AD. Emergency1 will be used in the event of Azure AD functionality failures and on-premises infrastructure failures. You need to reduce the likelihood that Emergency1 will be prevented from signing in during an emergency. What should you do?
A. Configure Azure Monitor to generate an alert if Emergency1 is modified or signs in.
B. Require Azure AD Privileged Identity Management (PIM) activation of the Global administrator role for Emergency1.
C. Configure a conditional access policy to restrict sign-in locations for Emergency1 to only the corporate network.
D. Configure a conditional access policy to require multi-factor authentication (MFA) for Emergency1.
You need to configure the MFA settings for users who connect from the Boston office. The solution must meet the authentication requirements and the access requirements. What should you include in the configuration?
A. named locations that have a private IP address range
B. named locations that have a public IP address range
C. trusted IPs that have a public IP address range
D. trusted IPs that have a private IP address range
HOTSPOT - You need to create the LWGroup1 group to meet the management requirements. How should you complete the dynamic membership rule? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - You need to configure the assignment of Azure AD licenses to the Litware users. The solution must meet the licensing requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - You need to meet the technical requirements for the probability that user identities were compromised. What should the users do first, and what should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs. You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts. You need to ensure that a new security administrator receives the alerts instead of you. Solution: From Azure AD, you modify the Diagnostics settings. Does this meet the goal?
A. Yes
B. No
You have a Microsoft 365 tenant. The Sign-ins activity report shows that an external contractor signed in to the Exchange admin center. You need to review access to the Exchange admin center at the end of each month and block sign-ins if required. What should you create?
A. an access package that targets users outside your directory
B. an access package that targets users in your directory
C. a group-based access review that targets guest users
D. an application-based access review that targets guest users
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 tenant. You have 100 IT administrators who are organized into 10 departments. You create the access review shown in the exhibit. (Click the Exhibit tab.)You discover that all access review requests are received by Megan Bowen. You need to ensure that the manager of each department receives the access reviews of their respective department. Solution: You create a separate access review for each role. Does this meet the goal?
A. Yes
B. No
Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM). While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights. You need to ensure that the IT department users only have access to the Security administrator role when required. What should you configure for the Security administrator role assignment?
A. Expire eligible assignments after from the Role settings details
B. Expire active assignments after from the Role settings details
C. Assignment type to Active
D. Assignment type to Eligible
HOTSPOT - You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1. User1 has the devices shown in the following table.On November 5, 2020, you create and enforce terms of use in contoso.com that has the following settings: ✑ Name: Terms1 ✑ Display name: Contoso terms of use ✑ Require users to expand the terms of use: On ✑ Require users to consent on every device: On ✑ Expire consents: On ✑ Expire starting on: December 10, 2020 ✑ Frequency: Monthly On November 15, 2020, User1 accepts Terms1 on Device3. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs. You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts. You need to ensure that a new security administrator receives the alerts instead of you. Solution: From Azure Monitor, you create a data collection rule. Does this meet the goal?
A. Yes
B. No
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.User1 is the owner of Group1. You create an access review that has the following settings: ✑ Users to review: Members of a group ✑ Scope: Everyone ✑ Group: Group1 ✑ Reviewers: Members (self) Which users can perform access reviews for User3?
A. User1, User2, and User3
B. User3 only
C. User1 only
D. User1 and User2 only
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs. You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts. You need to ensure that a new security administrator receives the alerts instead of you. Solution: From Azure AD, you create an assignment for the Insights administrator role. Does this meet the goal?
A. Yes
B. No
HOTSPOT - You have an Azure Active Directory (Azure AD) tenant that contains Azure AD Privileged Identity Management (PIM) role settings for the User administrator role as shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - Your company has an Azure Active Directory (Azure AD) tenant named contoso.com. The company has a business partner named Fabrikam, Inc. Fabrikam uses Azure AD and has two verified domain names of fabrikam.com and litwareinc.com. Both domain names are used for Fabrikam email addresses. You plan to create an access package named package1 that will be accessible only to the users at Fabrikam. You create a connected organization for Fabrikam. You need to ensure that the package1 will be accessible only to users who have fabrikam.com email addresses. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - You have an Azure Active Directory (Azure AD) tenant that contains the following group: ✑ Name: Group1 ✑ Members: User1, User2 ✑ Owner: User3 On January 15, 2021, you create an access review as shown in the exhibit. (Click the Exhibit tab.)Users answer the Review1 question as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure Active Directory (Azure AD) tenant that uses conditional access policies. You plan to use third-party security information and event management (SIEM) to analyze conditional access usage. You need to download the Azure AD log by using the administrative portal. The log file must contain changes to conditional access policies. What should you export from Azure AD?
A. audit logs in CSV format
B. sign-ins in CSV format
C. audit logs in JSON format
D. sign-ins in JSON format
You have an Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.For which groups can you create an access review?
A. Group1 only
B. Group1 and Group4 only
C. Group1 and Group2 only
D. Group1, Group2, Group4, and Group5 only
E. Group1, Group2, Group3, Group4 and Group5
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 tenant. You have 100 IT administrators who are organized into 10 departments. You create the access review shown in the exhibit. (Click the Exhibit tab.)You discover that all access review requests are received by Megan Bowen. You need to ensure that the manager of each department receives the access reviews of their respective department. Solution: You add each manager as a fallback reviewer. Does this meet the goal?
A. Yes
B. No
You have an Azure subscription that contains the resources shown in the following table.For which resources can you create an access review?
A. Group1, Role1, and Contributor only
B. Group1 only
C. Group1, App1, Contributor, and Role1
D. Role1 and Contributor only
You have an Azure Active Directory (Azure AD) P1 tenant. You need to review the Azure AD sign-in logs to investigate sign-ins that occurred in the past. For how long does Azure AD store events in the sign-in logs?
A. 14 days
B. 30 days
C. 90 days
D. 365 days
You have an Azure Active Directory (Azure AD) tenant named contoso.com. You implement entitlement management to provide resource access to users at a company named Fabrikam, Inc. Fabrikam uses a domain named fabrikam.com. Fabrikam users must be removed automatically from the tenant when access is no longer required. You need to configure the following settings: ✑ Block external user from signing in to this directory: No ✑ Remove external user: Yes ✑ Number of days before removing external user from this directory: 90 What should you configure on the Identity Governance blade?
A. Access packages
B. Entitlement management settings
C. Terms of use
D. Access reviews settings
You have an Azure Active Directory (Azure AD) tenant named contoso.com that has Azure AD Identity Protection policies enforced. You create an Azure Sentinel instance and configure the Azure Active Directory connector. You need to ensure that Azure Sentinel can generate incidents based on the risk alerts raised by Azure AD Identity Protection. What should you do first?
A. Add a Microsoft Sentinel data connector.
B. Configure the Notify settings in Azure AD Identity Protection.
C. Create a Microsoft Sentinel playbook.
D. Modify the Diagnostics settings in Azure AD.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 tenant. You have 100 IT administrators who are organized into 10 departments. You create the access review shown in the exhibit. (Click the Exhibit tab.)You discover that all access review requests are received by Megan Bowen. You need to ensure that the manager of each department receives the access reviews of their respective department. Solution: You set Reviewers to Member (self). Does this meet the goal?
A. Yes
B. No
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 tenant. You have 100 IT administrators who are organized into 10 departments. You create the access review shown in the exhibit. (Click the Exhibit tab.)You discover that all access review requests are received by Megan Bowen. You need to ensure that the manager of each department receives the access reviews of their respective department. Solution: You modify the properties of the IT administrator user accounts. Does this meet the goal?
A. Yes
B. No
HOTSPOT - Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The tenant contains the groups shown in the following table.The tenant contains the users shown in the following table.
You create an access review as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - You have a Microsoft 365 E5 subscription that contains three users named User1, User2, and User3. You have two Azure AD roles that have the Activation settings shown in the following table.The Azure AD roles have the Assignment settings shown in the following table.
The Azure AD roles have the eligible users shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs. You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts. You need to ensure that a new security administrator receives the alerts instead of you. Solution: From Azure Monitor, you modify the action group. Does this meet the goal?
A. Yes
B. No
You have a Microsoft 365 E5 subscription that contains a user named User1. You need to ensure that User1 can create access reviews for Azure AD roles. The solution must use the principle of least privilege. Which role should you assign to User1?
A. Privileged role administrator
B. Identity Governance Administrator
C. User administrator
D. User Access Administrator
You have a Microsoft 365 subscription that contains the following: ✑ An Azure Active Directory (Azure AD) tenant that has an Azure Active Directory Premium P2 license ✑ A Microsoft SharePoint Online site named Site1 ✑ A Microsoft Teams team named Team1 You need to create an entitlement management workflow to manage Site1 and Team1. What should you do first?
A. Configure an app registration.
B. Create an Administrative unit.
C. Create an access package.
D. Create a catalog.
Overview - ADatum Corporation is a consulting company in Montreal. ADatum recently acquired a Vancouver-based company named Litware, Inc. Existing Environment. ADatum Environment The on-premises network of ADatum contains an Active Directory Domain Services (AD DS) forest named adatum.com. ADatum has a Microsoft 365 E5 subscription. The subscription contains a verified domain that syncs with the adatum.com AD DS domain by using Azure AD Connect. ADatum has an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant has Security defaults disabled. The tenant contains the users shown in the following table.The tenant contains the groups shown in the following table.
Existing Environment. Litware Environment Litware has an AD DS forest named litware.com Existing Environment. Problem Statements ADatum identifies the following issues: • Multiple users in the sales department have up to five devices. The sales department users report that sometimes they must contact the support department to join their devices to the Azure AD tenant because they have reached their device limit. • A recent security incident reveals that several users leaked their credentials, a suspicious browser was used for a sign-in, and resources were accessed from an anonymous IP address. • When you attempt to assign the Device Administrators role to IT_Group1, the group does NOT appear in the selection list. • Anyone in the organization can invite guest users, including other guests and non-administrators. • The helpdesk spends too much time resetting user passwords. • Users currently use only passwords for authentication. Requirements. Planned Changes - ADatum plans to implement the following changes: • Configure self-service password reset (SSPR). • Configure multi-factor authentication (MFA) for all users. • Configure an access review for an access package named Package1. • Require admin approval for application access to organizational data. • Sync the AD DS users and groups of litware.com with the Azure AD tenant. • Ensure that only users that are assigned specific admin roles can invite guest users. • Increase the maximum number of devices that can be joined or registered to Azure AD to 10. Requirements. Technical Requirements ADatum identifies the following technical requirements: • Users assigned the User administrator role must be able to request permission to use the role when needed for up to one year. • Users must be prompted to register for MFA and provided with an option to bypass the registration for a grace period. • Users must provide one authentication method to reset their password by using SSPR. Available methods must include: - Email - Phone - Security questions - The Microsoft Authenticator app • Trust relationships must NOT be established between the adatum.com and litware.com AD DS domains. • The principle of least privilege must be used. You need to modify the settings of the User administrator role to meet the technical requirements. Which two actions should you perform for the role? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Select Require justification on activation.
B. Select Require ticket information on activation.
C. Modify the Expire eligible assignments after setting.
D. Set all assignments to Eligible.
E. Set all assignments to Active.
HOTSPOT - You have an Azure Active Directory (Azure AD) tenant contains the users shown in the following table.In Azure AD Privileged Identity Management (PIM), you configure the Global administrator role as shown in the following exhibit.
User1 is eligible for the Global administrator role. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
Overview - ADatum Corporation is a consulting company in Montreal. ADatum recently acquired a Vancouver-based company named Litware, Inc. Existing Environment. ADatum Environment The on-premises network of ADatum contains an Active Directory Domain Services (AD DS) forest named adatum.com. ADatum has a Microsoft 365 E5 subscription. The subscription contains a verified domain that syncs with the adatum.com AD DS domain by using Azure AD Connect. ADatum has an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant has Security defaults disabled. The tenant contains the users shown in the following table.
A. Configure the Continuous access evaluation settings.
B. Configure a Conditional Access policy.
C. Modify the External collaboration settings.
D. Configure the Access reviews settings.
Get More SC-300 Practice Questions
If you’re looking for more SC-300 practice test free questions, click here to access the full SC-300 practice test.
We regularly update this page with new practice questions, so be sure to check back frequently.
Good luck with your SC-300 certification journey!