Microsoft SC-300 - Microsoft Identity and Access Administrator
You have an Azure subscription.
From Entitlement management, you plan to create a catalog named Catalog1 that will contain a custom extension.
What should you create first and what should you use to distribute Catalog1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure AD tenant that contains the users shown in the following table.

You add an enterprise application named App1 to Azure AD and set User1 as the owner of App1. App1 requires admin consent to access Azure AD before the app can be used.
You configure the Admin consent requests settings as shown in the following exhibit.
Admin consent requests.

You have a Microsoft Entra tenant that contains the identities shown in the following table.

Group1 has the following configurations:
• Owners: User1, User4
• Members: User1, Managed2, Group2
You create an access review that has the following settings:
• Name: Review1
• Review scope: Select Teams + Groups
• Group: Group1
• Scope: All users
• Select reviewers: Group owner(s)
The Fallback reviewers: setting is NOT configured.

Your company has a Microsoft Entra tenant that contains a user named User1.
The company has two departments named marketing and finance.
You need to grant permissions to User1 to manage only the users in the marketing department.
What should you create first?

You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains an Azure Cosmos DB database named DB1 and an Azure Kubernetes Service (AKS) cluster named AKS1. AKS1 uses a managed identity.
You need to ensure that AKS1 can access DB1. The solution must meet the following requirements:
• Ensure that AKS1 uses the managed identity to access DB1.
• Follow the principle of least privilege.
Which role should you assign to the managed identity of AKS1?

You have an Azure subscription named Sub1.
You purchase a Microsoft Entra Permissions Management license.
You need to onboard Permissions Management.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD enterprise application named App1.
A contractor uses the credentials of user1@outlook.com.
You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as user1@outlook.com.
What should you do?

You have an Azure subscription that contains the resources shown in the following table.

You need to grant permissions to the resources by using attribute-based access control (ABAC).
To which resource can you grant permissions?

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the users shown in the following table.
The users have the devices shown in the following table.
You create the following two Conditional Access policies:
• Name: CAPolicy1
• Assignments
o Users or workload identities: Group1
o Cloud apps or actions: Office 365 SharePoint Online
o Conditions
■ Filter for devices: Exclude filtered devices from the policy
■ Rule syntax: device.displayName -startsWith "Device*"
o Access controls
■ Grant: Block access
■ Session: 0 controls selected
o Enable policy: On
• Name: CAPolicy2
• Assignments
o Users or workload identities: Group2
o Cloud apps or actions: Office 365 SharePoint Online
o Conditions: 0 conditions selected
• Access controls
o Grant: Grant access
■ Require multifactor authentication
o Session: 0 controls selected
• Enable policy: On
All users confirm that they can successfully authenticate using MFA.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

You create a conditional access policy that blocks access when a user triggers a high-severity sign-in alert. You need to test the policy under the following conditions:
• A user signs in from another country.
• A user triggers a sign-in risk.
What should you use to complete the test?



