Practice Questions Edition’22

Prepare Yourself for Exam SC-300: Microsoft

Identity and Access Administrator

Enter
Hello learners!
The Microsoft Identity and Access Administrator training and exam for designs,
implements, and operates an organization’s identity and access management sys-
tems by using Azure Active Directory (Azure AD). After training and certification
exam you’ll be able to manage tasks, such as providing secure authentication and
authorization access to enterprise applications. After this training you’ll also be re-
sponsible for troubleshooting, monitoring, and reporting for the identity and access
environment.

After this training you’ll be able to accomplish the following technical tasks: imple-
ment an identity management solution; implement an authentication and access
management solution; implement access management for apps; and plan and im-
plement an identity governance strategy.

Here are the practice questions for you to test yourself!

2
Here goes the Quiz
1 Which one among the following is a hybrid authentication method that would require the
least effort in deployment and maintenance?

Select one:
A. Password Hash Synchronization

B. Pass-through authentication

C. Federated authentication

D. All of the above

2 The HR team has informed you that they would be hiring many people in different
domains for the organization. As the administrator, you are responsible for adding all of
them to the respective groups. Therefore, you need to minimize the effort. What type of
group will you use?

Select one:
A. Assigned User

B. Dynamic User

C. Dynamic Device

D. None of the above

3 You have been assigned the task to configure and manage groups on Azure AD. You need
to use the two different types of groups available according to the requirements. What are
the two kinds of functional groups on Azure AD?

Select one:

A. Security and Microsoft365

B. Security and Distribution lists

C. Distribution lists and Office365

D. Microsoft365 and mail-enabled security

3
Here goes the Quiz
4 Your organization is planning to move some of its workloads from on-premises to the
cloud. You have been assigned to understand and recommend the identity aspects of
this scenario. How would you explain the term “Hybrid identity”?

Select one:

A. They create common user identities for authenticating and authorizing users
who operate workstations that run on various operating systems.

B. They create common user identities that are trusted for authentication and
authorization between organizations.

C. They create common user identities for authentication and authorization to

both on-premises and cloud-based resources.

D. They are a solution which makes using multiple usernames and password
possible.

5 You are exploring the Microsoft Azure AD B2B feature. You come to know SAML
(Security Assertion Markup Language) is one protocol used by Azure AD B2B to
federate with identity providers. What is the other protocol used?

Select one:

A. WS-Federation (WS-Fed)

B. Layer Two Tunneling Protocol (L2TP)

C. Kerberos

D. Resource Location Protocol (RLP)

4
Here goes the Quiz
6 Which one among the following authentication methods is the most secure?

Select one:

A. SMS verification

B. Call verification

C. Password

D. Windows Hello

7 Your organization Contoso Corp is concerned with the increased number of passwords
being compromised. Your organization, a cloud-only organization, has requested you
to recommend a solution that can help them ban certain common words like admin,
Contoso, etc. from being used when the employees set up or change passwords.
Which solution would you recommend?

Select one:

A. Azure AD Identity protection

B. Azure AD password protection

C. Active Directory password policies

D. Active Directory group policies

5
Here goes the Quiz
8 Which Azure AD tool will help you get reports for risks and create policies to take any
such risks?

Select one:

A. Azure AD identity protection

B. Azure AD conditional access

C. Azure AD password protection

D. None of the above

9 Two risk policies can be enabled in the directory. One is the user risk policy. Which is the
other risk policy?

Select one:

A. Device access risk policy

B. Sign-in risk policy

C. Machine risk policy

D. Hybrid identity risk policies

10 What type of policy helps you enforce organizational policies, control access and is
based on if-then statements?

Select one:
A. Compliance policies

B. Data loss prevention policies

C. Conditional access policies

D. Retention policies

6
Here goes the Quiz
11 Microsoft Graph is a helpful tool for developers. Which one of the following three APIs
exposes information about risky users and sign-in?

Select one:
A. riskDetection, risky users, signs

B. riskDetection, Usersrisk, sign in

C. riskDetection, interactivity, signs

D. risky users, signIn, IdentitySet

12 Which scenario from the below options would be best suited for Mobile Application
Management (MAM) without enrollment to protect sensitive data in work or school-
related app?

Select one:

A. Conditional access controls

B. Bring-your-own-device (BYOD) scenarios

C. Smart lockout policies

D. Session management controls

13 Your organization is moving some of its workloads to the cloud. Therefore, you need
to recommend a hybrid identity authentication solution keeping in mind that your
organization cannot have the password (or any traces of it) stored on the cloud. Which
one of the below options would be best suited?

Select one:
A. Pass-through authentication

B. Password hash synchronization

C. Both can be used

D. None of the above

7
Here goes the Quiz
14 User A has been assigned to manage all aspects of all app registrations and enterprise
applications in your organization. However, he wouldn’t be involved with the
management of applications that use app proxy. Which role should you assign to User A?

Select Three:
A. Application developer

B. Application administrator

C. Cloud application administrator

D. None of the above

15 Which one of the following is Microsoft Cloud access security broker?

Select one:
A. Microsoft Cloud App Security

B. Microsoft Azure Sentinel

C. Microsoft Azure Security Center

D. Microsoft 365 Security Center

16 Your organization has numerous apps, and the methods for accessing them are different,
making it confusing for the users. You are asked to recommend a solution. You find that
you can use Azure AD to integrate those applications and get the Single Sign-on (SSO)
feature. What types of applications can be integrated with Azure AD?

Select one:
A. SaaS applications

B. On-premises applications

C. Line of business applications

D. All of the above

8
Here goes the Quiz
17 Which option from the following choices is not a best practice for building multi-tenant
apps?

Select one:

A. Follow the principle of least user access to ensure that your app only
requests the permissions it needs.

B. Provide appropriate names and descriptions for any permissions you

expose as part of your app. It helps users and admins know what they
agree to when using your app’s APIs.

C. Use names and descriptions that are only meaningful to your team.

D. All of the above are best practices

18 Your organization is planning to use an application proxy for its on-premises applications.
However, before they move ahead with the process, the management wants to know
about the benefits of using Azure AD application proxy. Which one of the following is the
correct benefit for using application proxy?

Select one:
A. Traffic termination

B. Pre-authentication

C. Conditional access

D. All of the above

9
Here goes the Quiz
19 You are a part of the admin team in your organization. You recently noticed that a user
had been deleted. You would like to restore that user. Till how many days can you
recover that user after deletion?

Select one:
A. 14 days

B. 30 days

C. 90 days

D. 365 days

20 You are a part of the admin team in your organization. You recently notice that a user has
been deleted. You need to find out details about the activity where the user was deleted.
Your search for this in Microsoft365 compliance center audit logs. Will this accomplish the
goal?

Select one:
A. Yes

B. No
Check out the answers below:
1 2
A B
3 4
A C
5 6
A D
7 8
B A
9 10
B C
11 12
A B
13 14
A C
15 16
A D
17 18
C D
19 20
B A

11
 To get regular updates about our upcoming training sessions, study guides/exam
prep material, giveaways, and other useful resources to help you upskill

Disclaimer: These questions are NOT appearing in the certification exam. CloudThat
does not have any official tie-up with Microsoft regarding the certification or the kind
of questions asked. These are the best guesses for the kind of questions to expect with
Microsoft in general and with the examination.

Additional resources to support your preparation:

Click here to enrol for SC-300 Course.  

About CloudThat
CloudThat is the first company in India to offer Cloud
Training & Consulting services for mid-market &
enterprise clients from across the globe. Founded by
Bhavesh Goswami, an ex-Amazonian with more than
10 years of experience in Cloud computing space,
CloudThat has been empowering tech professionals
with best-in-class training and consulting services.

Since, our inception in 2012, we have trained over

350K IT professionals from Fortune 500 companies
on technologies such as Microsoft Azure, Amazon
Web Services, Artificial Intelligence, Machine Learning,
Google Cloud, IoT, OpenStack, OpenShift, DevOps,
MongoDB, Big Data and more. We have global
presence with offices in Bengaluru, Mumbai, UK, and
the USA.

Over the years, CloudThat has proven its excellence

in the field and has recently been recognized as the
winner of Microsoft 2020 Global Partner of the Year
Finalist award. With expertise in major Cloud platforms,
CloudThat is a proud Microsoft Gold Partner, AWS
Advanced Consulting Partner, Google Cloud Platform
Partner, and Databricks Partner.

Build your career with CloudThat

We are Microsoft Gold Partner and the winner of Microsoft Learning Partner Year Finalist
award, 2020.

CloudThat CEO is the MCT Regional Lead for India.

Till date CloudThat has trained more than 350K+ professionals in VILT & ILT modes.

We are a dynamic team of Microsoft certified trainers and professionals.

We have attended to the training and consulting needs of more than 100 clients.

We offer 200+ cloud certifications in emerging technologies.

Our training modules are equipped with 50%-60% hands-on labs sessions.

13
 Best
of luck!

To get regular updated about our upcoming training sessions study guides/exam prep material, giveaways,
and other useful resources to help you upskill, you can follow us on our social media pages.

Want to know more about Cloud?

Read out to us at:
#610, 2nd Floor, 80 Feet Road,
6th Block Koramangala Bengaluru- 560095.
Tel: +91-888-000-2200
Email Id: sales@cloudthat.com

14