Microsoft Identity and Access Administrator

Here you have the best Microsoft SC-300 practice exam questions

You have 311 total questions to study from
Each page has 5 questions, making a total of 63 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on November 15, 2024

Question 1 of 311

You have an Azure Active Directory (Azure AD) tenant that contains the following objects:

✑ A device named Device1

✑ Users named User1, User2, User3, User4, and User5

✑ Groups named Group1, Group2, Group3, Group4, and Group5

The groups are configured as shown in the following table.

To which groups can you assign a Microsoft Office 365 Enterprise E5 license directly?

Group1 and Group4 only

Group1, Group2, Group3, Group4, and Group5

Group1 and Group2 only

Group1 only

Group1, Group2, Group4, and Group5 only

Correct Answer: E

In Azure Active Directory, Microsoft 365 Enterprise E5 licenses can be assigned to both security groups and Microsoft 365 groups, provided these groups have the 'SecurityEnabled' attribute set to true. Assuming the groups were created in the Azure AD portal where the 'SecurityEnabled' attribute is true by default, licenses can be assigned directly to the following groups: Group1, Group2, Group4, and Group5. Group3 is a dynamic device group, which does not make sense for user-based licensing like Office 365 Enterprise E5, so it is excluded. Hence, licenses can be assigned to Group1, Group2, Group4, and Group5.

Question 2 of 311

You have a Microsoft Exchange organization that uses an SMTP address space of contoso.com.

Several users use their contoso.com email address for self-service sign-up to Azure Active Directory (Azure AD).

You gain global administrator privileges to the Azure AD tenant that contains the self-signed users.

You need to prevent the users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services.

Which PowerShell cmdlet should you run?

Set-MsolCompanySettings

Set-MsolDomainFederationSettings

Update-MsolfederatedDomain

Set-MsolDomain

Correct Answer: A

To prevent users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services, you need to use the Set-MsolCompanySettings cmdlet. This cmdlet allows you to configure settings at the company level, including the ability to control whether users can perform self-service sign-up with the -AllowAdHocSubscriptions parameter set to $false. This will disable all self-service sign-ups for Microsoft cloud services in the tenant.

Question 3 of 311

You have a Microsoft 365 tenant that uses the domain named fabrikam.com. The Guest invite settings for Azure Active Directory (Azure AD) are configured as shown in the exhibit. (Click the Exhibit tab.)

A user named [email protected] shares a Microsoft SharePoint Online document library to the users shown in the following table.

Which users will be emailed a passcode?

User2 only

User1 only

User1 and User2 only

User1, User2, and User3

Correct Answer: A

User2 will receive an email passcode. User1, being an existing guest user in the fabrikam.com domain, will continue using their existing authentication method and will not be emailed a passcode. User3, being a user within the fabrikam.com domain, will also not be emailed a passcode as they are already part of the organization.

Question 4 of 311

You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.

From the Groups blade in the Azure Active Directory admin center, you assign Microsoft 365 Enterprise E5 licenses to the users.

You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.

What should you use?

the Identity Governance blade in the Azure Active Directory admin center

the Set-AzureAdUser cmdlet

the Licenses blade in the Azure Active Directory admin center

the Set-WindowsProductKey cmdlet

Correct Answer: C

The Licenses blade in the Azure Active Directory admin center is the correct tool for managing and removing licenses from users with minimal administrative effort. This interface allows administrators to view and modify license assignments for individual users or entire groups. By navigating to the Licenses blade, you can efficiently manage the reassignment or removal of Office 365 Enterprise E3 licenses after assigning Microsoft 365 Enterprise E5 licenses to the users.

Question 5 of 311

HOTSPOT -

You have a Microsoft 365 tenant named contoso.com.

Guest user access is enabled.

Users are invited to collaborate with contoso.com as shown in the following table.

From the External collaboration settings in the Azure Active Directory admin center, you configure the Collaboration restrictions settings as shown in the following exhibit.

From a Microsoft SharePoint Online site, a user invites [email protected] to the site.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Box 1: Yes -

Invitations can only be sent to outlook.com. Therefore, User1 can accept the invitation and access the application.

Box 2. Yes -

Invitations can only be sent to outlook.com. However, User2 has already received and accepted an invitation so User2 can access the application.

Box 3. No -

Invitations can only be sent to outlook.com. Therefore, User3 will not receive an invitation.