MICROSOFT SC-300 CERTIFICATION SYLLABUS AND CERTIFICATION QUESTIONS Microsoft SC-300 Exam
EDUSUM.COM Get complete detail on SC-300 exam guide to crack Microsoft Identity and Access Administrator. You can collect all information on SC-300 tutorial, practice test, books, study material, exam questions, and syllabus. Firm your knowledge on Microsoft Identity and Access Administrator and get ready to crack SC-300 certification. Explore all information on SC-300 exam with number of questions, passing percentage and time duration to complete test.
WWW.EDUSUM.COM
Introduction to Microsoft Certified Identity and Access Administrator Associate Exam The Microsoft SC-300 Exam is challenging and thorough preparation is essential for success. This exam study guide is designed to help you prepare for the Identity and Access Administrator certification exam. It contains a detailed list of the topics covered on the Professional exam, as well as a detailed list of preparation resources. This study guide for the Microsoft Identity and Access Administrator will help guide you through the study process for your certification.
SC-300 Microsoft Identity and Access Administrator Exam Summary ● ● ● ● ●
Exam Name: Microsoft Identity and Access Administrator Exam Code: SC-300 Exam Price: $165 (USD) Duration: 120 mins Number of Questions: 40-60
SC-300: Microsoft Identity and Access Administrator
1
WWW.EDUSUM.COM
● Passing Score: 700 / 1000 ● Books / Training: Course SC-300T00: Microsoft Identity and Access Administrator ● Schedule Exam: Pearson VUE ● Sample Questions: Microsoft Identity and Access Administrator Sample Questions ● Recommended Practice: Microsoft SC-300 Certification Practice Exam
Exam Syllabus: SC-300 Microsoft Certified Identity and Access Administrator Associate Topic
Details
Implement identities in Azure AD (20-25%)
Configure and manage an Azure AD tenant
Create, configure, and manage Azure AD identities
Implement and manage external identities
Implement and manage hybrid identity
- Configure and manage Azure AD roles - Configure delegation by using administrative units - Analyze Azure AD role permissions - Configure and manage custom domains - Configure tenant-wide settings - Create, configure, and manage users - Create, configure, and manage groups - Configure and manage device join and registration, including writeback - Assign, modify, and report on licenses - Manage external collaboration settings in Azure AD - Invite external users, individually or in bulk - Manage external user accounts in Azure AD - Configure identity providers, including SAML or WS-fed - Implement and manage Azure AD Connect - Implement and manage Azure AD Connect cloud sync - Implement and manage Password Hash Synchronization (PHS) - Implement and manage Pass-Through Authentication (PTA) - Implement and manage seamless Single Sign-On (SSO) - Implement and manage Federation, excluding manual
SC-300: Microsoft Identity and Access Administrator
2
WWW.EDUSUM.COM
Topic
Details AD FS deployments - Implement and manage Azure AD Connect Health - Troubleshoot synchronization errors
Implement authentication and access management (25-30%) - Plan Azure MFA deployment, excluding MFA Server - Configure and deploy self-service password reset Plan, implement, and manage - Implement and manage Azure MFA settings Azure Multifactor - Manage MFA settings for users Authentication (MFA) and - Extend Azure AD MFA to third party and on-premises self-service password reset devices - Monitor Azure AD MFA activity - Plan for authentication - Implement and manage authentication methods - Implement and manage Windows Hello for Business Plan, implement, and manage - Implement and manage password protection and smart Azure AD user authentication lockout - Implement certificate-based authentication in Azure AD - Configure Azure AD user authentication for Windows and Linux virtual machines on Azure - Plan conditional access policies - Implement conditional access policy assignments - Implement conditional access policy controls Plan, implement, and manage - Test and troubleshoot conditional access policies Azure AD conditional access - Implement session management - Implement device-enforced restrictions - Implement continuous access evaluation - Create a conditional access policy from a template - Implement and manage a user risk policy - Implement and manage sign-in risk policy Manage Azure AD Identity - Implement and manage MFA registration policy Protection - Monitor, investigate and remediate risky users - Implement security for workload identities - Assign Azure roles Implement access - Configure custom Azure roles management for Azure - Create and configure managed identities resources - Use managed identities to access Azure resources
SC-300: Microsoft Identity and Access Administrator
3
WWW.EDUSUM.COM
Topic
Details - Analyze Azure role permissions - Configure Azure Key Vault RBAC and policies
Implement access management for applications (15-20%) - Discover and manage apps by using Microsoft Defender for Cloud Apps Manage and monitor - Configure connectors to apps application access by using - Implement application-enforced restrictions Microsoft Defender for Cloud - Configure conditional access app control Apps - Create access and session policies in Microsoft Defender for Cloud Apps - Implement and manage policies for OAUTH apps - Configure and manage user and admin consent - Discover apps by using ADFS application activity reports - Design and implement access management for apps - Design and implement app management roles Plan, implement, and monitor - Monitor and audit activity in enterprise applications the integration of Enterprise - Design and implement integration for on-premises apps applications by using Azure AD application proxy - Design and implement integration for SaaS apps - Provision and manage users, groups, and roles on Enterprise applications - Create and manage application collections - Plan for application registrations - Implement application registrations - Configure application permissions Plan and implement - Implement application authorization application registrations - Plan and configure multi-tier application permissions - Manage and monitor applications by using App governance
Plan and implement identity governance in Azure AD (20-25%)
Plan and implement entitlement management
- Plan entitlements - Create and configure catalogs - Create and configure access packages - Manage access requests - Implement and manage terms of use
SC-300: Microsoft Identity and Access Administrator
4
WWW.EDUSUM.COM
Topic
Details - Manage the lifecycle of external users in Azure AD Identity Governance settings - Configure and manage connected organizations - Review per-user entitlements by using Azure AD Entitlement management - Plan for access reviews - Create and configure access reviews for groups and apps Plan, implement, and manage - Create and configure access review programs access reviews - Monitor access review activity - Respond to access review activity, including automated and manual responses - Plan and manage Azure roles in Privileged Identity Management (PIM), including settings and assignments - Plan and manage Azure resources in PIM, including Plan and implement privileged settings and assignments access - Plan and configure Privileged Access groups - Manage PIM requests and approval process - Analyze PIM audit history and reports - Create and manage break-glass accounts - Design a strategy for monitoring Azure AD - Review and analyze sign-in, audit, and provisioning logs by using the Azure AD console - Configure diagnostic settings, including Log Analytics, storage accounts, and Event Hub Monitor Azure AD - Monitor Azure AD by using Log Analytics, including KQL queries - Analyze Azure AD by using workbooks and reporting in the Azure AD console - Monitor and improve the security posture by using the Identity Secure Score
SC-300: Microsoft Identity and Access Administrator
5
WWW.EDUSUM.COM
Microsoft SC-300 Certification Sample Questions and Answers To make you familiar with Microsoft Identity and Access Administrator (SC-300) certification exam structure, we have prepared this sample question set. We suggest you to try our Sample Questions for Identity and Access Administrator SC-300 Certification to test your understanding of Microsoft SC-300 process with the real Microsoft certification exam environment.
SC-300 Microsoft Identity and Access Administrator Sample Questions:01. Reference Scenario: click here You have an Azure Active Directory (Azure AD) tenant. You open the risk detections report. Which risk detection type is classified as a user risk? a) impossible travel b) anonymous IP address c) atypical travel d) leaked credentials 02. Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM). While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights. You need to ensure that the IT department users only have access to the Security administrator role when required. What should you configure for the Security administrator role assignment? a) Expire eligible assignments after from the Role settings details b) Expire active assignments after from the Role settings details c) Assignment type to Active d) Assignment type to Eligible 03. You have a Microsoft 365 tenant. In Azure Active Directory (Azure AD), you configure the terms of use. You need to ensure that only users who accept the terms of use can access the resources in the tenant. Other users must be denied access. What should you configure? a) an access policy in Microsoft Cloud App Security b) Terms and conditions in Microsoft Endpoint Manager
SC-300: Microsoft Identity and Access Administrator
6
WWW.EDUSUM.COM
c) a conditional access policy in Azure AD d) a compliance policy in Microsoft Endpoint Manager 04. Reference Scenario: click here You have an Azure Active Directory (Azure AD) tenant named contoso.com. All users who run applications registered in Azure AD are subject to conditional access policies. You need to prevent the users from using legacy authentication. What should you include in the conditional access policies to filter out legacy authentication attempts? a) a cloud apps or actions condition b) a user risk condition c) a client apps condition d) a sign-in risk condition 05. You have an Azure Active Directory (Azure AD) tenant. You configure selfservice password reset (SSPR) by using the following settings: - Require users to register when signing in: Yes - Number of methods required to reset: 1 What is a valid authentication method available to users? a) a mobile app code b) mobile app notification c) an email to an address in your organization d) home prison 06. You have an Azure Active Directory (Azure AD) tenant. You need to review the Azure AD sign-ins log to investigate sign ins that occurred in the past. For how long does Azure AD store events in the sign-in log? a) 30 days b) 14 days c) 90 days d) 365 days 07. You have an Azure Active Directory Premium P2 tenant. You create a Log Analytics workspace. You need to ensure that you can view Azure Active Directory (Azure AD) audit log information by using Azure Monitor. What should you do first? a) Modify the Diagnostics settings for Azure A b) Run the Get-AzureADAuditDirectoryLogs cmdlet c) Run the Set-AzureADTenantDetail cmdlet
SC-300: Microsoft Identity and Access Administrator
7
WWW.EDUSUM.COM
d) Create an Azure AD workbook 08. Reference Scenario: click here You configure a new Microsoft 365 tenant to use a default domain name of contoso.com. You need to ensure that you can control access to Microsoft 365 resources by using conditional access policies. What should you do first? a) Disable the User consent settings b) Disable Security defaults c) Configure a multi-factor authentication (MFA) registration policy d) Configure password protection for Windows Server Active Directory 09. You have an Azure Active Directory (Azure AD) tenant named contoso.com. You implement entitlement management to provide resource access to users at a company named Fabrikam, Inc. Fabrikam uses a domain named fabrikam.com. Fabrikam users must be removed automatically from the tenant when access is no longer required. You need to configure the following settings: - Block external user from signing in to this directory: No - Remove external user: Yes - Number of days before removing external user from this directory: 90 What should you configure on the Identity Governance blade? a) Access packages b) Settings c) Terms of use d) Access reviews 10. You have an Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The on-premises network contains a VPN server that authenticates to the on-premises Active Directory domain. The VPN server does NOT support Azure Multi-Factor Authentication (MFA). You need to recommend a solution to provide Azure MFA for VPN connections. What should you include in the recommendation? a) Azure AD Application Proxy b) an Azure AD Password Protection proxy c) Network Policy Server (NPS) d) a pass-through authentication proxy
SC-300: Microsoft Identity and Access Administrator
8
WWW.EDUSUM.COM
Answers:Answer 01:- d Answer 02:- d Answer 03:- c Answer 04:- c Answer 05:- d Answer 06:- a Answer 07:- a Answer 08:- b Answer 09:- b Answer 10:- c
SC-300: Microsoft Identity and Access Administrator
9