SC-300 Practice Exam Free – 50 Questions to Simulate the Real Exam
Are you getting ready for the SC-300 certification? Take your preparation to the next level with our SC-300 Practice Exam Free – a carefully designed set of 50 realistic exam-style questions to help you evaluate your knowledge and boost your confidence.
Using a SC-300 practice exam free is one of the best ways to:
- Experience the format and difficulty of the real exam
- Identify your strengths and focus on weak areas
- Improve your test-taking speed and accuracy
Below, you will find 50 realistic SC-300 practice exam free questions covering key exam topics. Each question reflects the structure and challenge of the actual exam.
You have an Azure subscription named Sub1 that uses Microsoft Entra Permissions Management. Sub1 contains a user named User1. User1 is granted multiple permissions across Sub1. You need to replace all the permissions granted to User1 with read-only permissions. The solution must minimize administrative effort. What should you do on the Remediation tab in Permissions Management?
A. From the Role/Policy Template subtab, create a template.
B. From the My Requests subtab, create a new request.
C. From the Roles/Policies subtab, create a role.
D. From the Permissions subtab, use a quick action.
DRAG DROP - You have a Microsoft 365 E5 subscription that contains two users named User1 and User2. You need to ensure that User1 can create access reviews for groups, and that User2 can review the history report for all the completed access reviews. The solution must use the principle of least privilege. Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a storage account named storage1 and a web app named WebApp1. WebApp1 uses a system-assigned managed identity. You need to ensure that WebApp1 can read and write files to storage1 by using the system-assigned managed identity. What should you configure for storage1 in the Azure portal?
A. data protection
B. a shared access signature (SAS)
C. the Access control (IAM) settings
D. the File share settings
E. access keys
Overview - ADatum Corporation is a consulting company in Montreal. ADatum recently acquired a Vancouver-based company named Litware, Inc. Existing Environment. ADatum Environment The on-premises network of ADatum contains an Active Directory Domain Services (AD DS) forest named adatum.com. ADatum has a Microsoft 365 E5 subscription. The subscription contains a verified domain that syncs with the adatum.com AD DS domain by using Azure AD Connect. ADatum has an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant has Security defaults disabled. The tenant contains the users shown in the following table.The tenant contains the groups shown in the following table.
Existing Environment. Litware Environment Litware has an AD DS forest named litware.com Existing Environment. Problem Statements ADatum identifies the following issues: • Multiple users in the sales department have up to five devices. The sales department users report that sometimes they must contact the support department to join their devices to the Azure AD tenant because they have reached their device limit. • A recent security incident reveals that several users leaked their credentials, a suspicious browser was used for a sign-in, and resources were accessed from an anonymous IP address. • When you attempt to assign the Device Administrators role to IT_Group1, the group does NOT appear in the selection list. • Anyone in the organization can invite guest users, including other guests and non-administrators. • The helpdesk spends too much time resetting user passwords. • Users currently use only passwords for authentication. Requirements. Planned Changes - ADatum plans to implement the following changes: • Configure self-service password reset (SSPR). • Configure multi-factor authentication (MFA) for all users. • Configure an access review for an access package named Package1. • Require admin approval for application access to organizational data. • Sync the AD DS users and groups of litware.com with the Azure AD tenant. • Ensure that only users that are assigned specific admin roles can invite guest users. • Increase the maximum number of devices that can be joined or registered to Azure AD to 10. Requirements. Technical Requirements ADatum identifies the following technical requirements: • Users assigned the User administrator role must be able to request permission to use the role when needed for up to one year. • Users must be prompted to register for MFA and provided with an option to bypass the registration for a grace period. • Users must provide one authentication method to reset their password by using SSPR. Available methods must include: - Email - Phone - Security questions - The Microsoft Authenticator app • Trust relationships must NOT be established between the adatum.com and litware.com AD DS domains. • The principle of least privilege must be used. You need to modify the settings of the User administrator role to meet the technical requirements. Which two actions should you perform for the role? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Select Require justification on activation.
B. Select Require ticket information on activation.
C. Modify the Expire eligible assignments after setting.
D. Set all assignments to Eligible.
E. Set all assignments to Active.
A user named User1 receives an error message when attempting to access the Microsoft Defender for Cloud Apps portal. You need to identify the cause of the error. The solution must minimize administrative effort. What should you use?
A. Log Analytics
B. sign-in logs
C. audit logs
D. provisioning logs
Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM). While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights. You need to ensure that the IT department users only have access to the Security administrator role when required. What should you configure for the Security administrator role assignment?
A. Expire eligible assignments after from the Role settings details
B. Expire active assignments after from the Role settings details
C. Assignment type to Active
D. Assignment type to Eligible
You have a Microsoft 365 tenant. All users have mobile phones and laptops. The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity. While working from the remote locations, the users connect their laptop to a wired network that has internet access. You plan to implement multi-factor authentication (MFA). Which MFA authentication method can the users use from the remote location?
A. a notification through the Microsoft Authenticator app
B. email
C. security questions
D. a verification code from the Microsoft Authenticator app
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account. You deploy an Azure subscription and enable Microsoft 365 Defender. You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps. Solution: From the Microsoft 365 Defender portal, you add the Microsoft Azure app connector. Does this meet the goal?
A. Yes
B. No
You have a Microsoft 365 tenant. All users have mobile phones and Windows 10 laptops. The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity. While working from the remote locations, the users connect their laptops to a wired network that has internet access. You plan to implement multi-factor authentication (MFA). Which MFA authentication method can the users use from the remote location?
A. an app password
B. voice
C. Windows Hello for Business
D. security questions
You have an Azure Active Directory (Azure AD) tenant. You open the risk detections report. Which risk detection type is classified as a user risk?
A. impossible travel
B. anonymous IP address
C. atypical travel
D. leaked credentials
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 tenant. You have 100 IT administrators who are organized into 10 departments. You create the access review shown in the exhibit. (Click the Exhibit tab.)You discover that all access review requests are received by Megan Bowen. You need to ensure that the manager of each department receives the access reviews of their respective department. Solution: You modify the properties of the IT administrator user accounts. Does this meet the goal?
A. Yes
B. No
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 E5 subscription. You create a user named User1. You need to ensure that User1 can update the status of Identity Secure Score improvement actions. Solution: You assign the User Administrator role to User1. Does this meet the goal?
A. Yes
B. No
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant. You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes. You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD. Solution: You configure pass-through authentication. Does this meet the goal?
A. Yes
B. No
HOTSPOT - Your on-premises network contains an Active Directory domain that uses Azure AD Connect to sync with an Azure AD tenant. You need to configure Azure AD Connect to meet the following requirements: • User sign-ins to Azure AD must be authenticated by an Active Directory domain controller. • Active Directory domain users must be able to use Azure AD self-service password reset (SSPR). What should you use for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 tenant. In Azure Active Directory (Azure AD), you configure the terms of use. You need to ensure that only users who accept the terms of use can access the resources in the tenant. Other users must be denied access. What should you configure?
A. an access policy in Microsoft Cloud App Security.
B. Terms and conditions in Microsoft Endpoint Manager.
C. a conditional access policy in Azure AD
D. a compliance policy in Microsoft Endpoint Manager
HOTSPOT - You have an Azure Active Directory (Azure AD) tenant contains the users shown in the following table.In Azure AD Privileged Identity Management (PIM), you configure the Global administrator role as shown in the following exhibit.
User1 is eligible for the Global administrator role. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - You need to meet the technical requirements for license management by the helpdesk administrators. What should you create first, and which tool should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Overview - ADatum Corporation is a consulting company in Montreal. ADatum recently acquired a Vancouver-based company named Litware, Inc. Existing Environment. ADatum Environment The on-premises network of ADatum contains an Active Directory Domain Services (AD DS) forest named adatum.com. ADatum has a Microsoft 365 E5 subscription. The subscription contains a verified domain that syncs with the adatum.com AD DS domain by using Azure AD Connect. ADatum has an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant has Security defaults disabled. The tenant contains the users shown in the following table.
A. Configure the Continuous access evaluation settings.
B. Configure a Conditional Access policy.
C. Modify the External collaboration settings.
D. Configure the Access reviews settings.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 tenant. All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services. Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request. You need to block the users automatically when they report an MFA request that they did not initiate. Solution: From the Azure portal, you configure the Account lockout settings for multi-factor authentication (MFA). Does this meet the goal?
A. Yes
B. No
Overview - ADatum Corporation is a consulting company in Montreal. ADatum recently acquired a Vancouver-based company named Litware, Inc. Existing Environment. ADatum Environment The on-premises network of ADatum contains an Active Directory Domain Services (AD DS) forest named adatum.com. ADatum has a Microsoft 365 E5 subscription. The subscription contains a verified domain that syncs with the adatum.com AD DS domain by using Azure AD Connect. ADatum has an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant has Security defaults disabled. The tenant contains the users shown in the following table.
A. Change Membership type of IT_Group1 to Dynamic User.
B. Recreate the IT_Group1 group.
C. Change Membership type of IT Group1 to Dynamic Device.
D. Add an owner to IT_Group1.
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.The tenant has the authentication methods shown in the following table.
Which users will sign in to cloud apps by matching a number shown in the app with a number shown on their phone?
A. User1 only
B. User2 only
C. User3 only
D. User1 and User2 only
E. User2 and User3 only
You have an Azure Active Directory (Azure AD) tenant named contoso.com. You implement entitlement management to provide resource access to users at a company named Fabrikam, Inc. Fabrikam uses a domain named fabrikam.com. Fabrikam users must be removed automatically from the tenant when access is no longer required. You need to configure the following settings: ✑ Block external user from signing in to this directory: No ✑ Remove external user: Yes ✑ Number of days before removing external user from this directory: 90 What should you configure on the Identity Governance blade?
A. Access packages
B. Entitlement management settings
C. Terms of use
D. Access reviews settings
You have a Microsoft 365 tenant. An on-premises Active Directory domain is configured to sync with the Azure AD tenant. The domain contains the servers shown in the following table.The domain controllers are prevented from communicating to the internet. You implement Azure AD Password Protection on Server1 and Server2. You deploy a new server named Server4 that runs Windows Server 2022. You need to ensure that Azure AD Password Protection will continue to work if a single server fails. What should you implement on Server4?
A. Azure AD Connect
B. Azure AD Application Proxy
C. Password Change Notification Service (PCNS)
D. the Azure AD Password Protection proxy service
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.User1 is the owner of Group1. You create an access review that has the following settings: ✑ Users to review: Members of a group ✑ Scope: Everyone ✑ Group: Group1 ✑ Reviewers: Members (self) Which users can perform access reviews for User3?
A. User1, User2, and User3
B. User3 only
C. User1 only
D. User1 and User2 only
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 tenant. You have 100 IT administrators who are organized into 10 departments. You create the access review shown in the exhibit. (Click the Exhibit tab.)You discover that all access review requests are received by Megan Bowen. You need to ensure that the manager of each department receives the access reviews of their respective department. Solution: You add each manager as a fallback reviewer. Does this meet the goal?
A. Yes
B. No
You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1 and a Microsoft 365 group named Group1. You need to ensure that the members of Group1 can access Site1 for 90 days. The solution must minimize administrative effort. What should you use?
A. an access package
B. an access review
C. a lifecycle workflow
D. a Conditional Access policy
You have a Microsoft 365 tenant. All users have mobile phones and Windows 10 laptops. The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity. While working from the remote locations, the users connect their laptops to a wired network that has internet access. You plan to implement multi-factor authentication (MFA). Which MFA authentication method can the users use from the remote location?
A. Windows Hello for Business
B. an app password
C. security questions
D. email
You have a Microsoft 365 E5 subscription. You purchase the app governance add-on license. You need to enable app governance integration. Which portal should you use?
A. the Microsoft Defender for Cloud Apps portal
B. the Microsoft 365 admin center
C. Microsoft 365 Defender
D. the Azure Active Directory admin center
E. the Microsoft Purview compliance portal
You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users. From the Groups blade in the Azure Active Directory admin center, you assign Microsoft 365 Enterprise E5 licenses to the users. You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort. What should you use?
A. the Identity Governance blade in the Azure Active Directory admin center
B. the Set-AzureAdUser cmdlet
C. the Licenses blade in the Azure Active Directory admin center
D. the Set-WindowsProductKey cmdlet
HOTSPOT - You have a Microsoft 365 E5 subscription that contains a user named User1. You configure app governance integration. User1 needs to view the App governance dashboard. The solution must use the principle of the least privilege. Which role should you assign to User1, and which portal should User1 use to view the dashboard? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT - You need to meet the technical requirements for the probability that user identities were compromised. What should the users do first, and what should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.You have an administrative unit named Au1. Group1, User2, and User3 are members of Au1. User5 is assigned the User administrator role for Au1. For which users can User5 reset passwords?
A. User1, User2, and User3
B. User1 and User2 only
C. User3 and User4 only
D. User2 and User3 only
You have an Azure Active Directory (Azure AD) tenant that contains a user named SecAdmin1. SecAdmin1 is assigned the Security administrator role. SecAdmin1 reports that she cannot reset passwords from the Azure AD Identity Protection portal. You need to ensure that SecAdmin1 can manage passwords and invalidate sessions on behalf of non-administrative users. The solution must use the principle of least privilege. Which role should you assign to SecAdmin1?
A. Authentication administrator
B. Helpdesk administrator
C. Privileged authentication administrator
D. Security operator
HOTSPOT - Your company has a Microsoft 365 tenant. All users have computers that run Windows 10 and are joined to the Azure Active Directory (Azure AD) tenant. The company subscribes to a third-party cloud service named Service1. Service1 supports Azure AD authentication and authorization based on OAuth. Service1 is published to the Azure AD gallery. You need to recommend a solution to ensure that the users can connect to Service1 without being prompted for authentication. The solution must ensure that the users can access Service1 only from Azure AD-joined computers. The solution must minimize administrative effort. What should you recommend for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
HOTSPOT - You have an Azure Active Directory (Azure AD) tenant that contains the following group: ✑ Name: Group1 ✑ Members: User1, User2 ✑ Owner: User3 On January 15, 2021, you create an access review as shown in the exhibit. (Click the Exhibit tab.)Users answer the Review1 question as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure AD tenant that contains a user named User1 and a registered app named App1. User1 deletes the app registration of App1. You need to restore the app registration. What is the maximum number of days you have to restore the app registration from when it was deleted?
A. 14
B. 30
C. 60
D. 180
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 tenant. You have 100 IT administrators who are organized into 10 departments. You create the access review shown in the exhibit. (Click the Exhibit tab.)You discover that all access review requests are received by Megan Bowen. You need to ensure that the manager of each department receives the access reviews of their respective department. Solution: You create a separate access review for each role. Does this meet the goal?
A. Yes
B. No
HOTSPOT - Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant. The AD DS domain contains the organizational units (OUs) shown in the following table.You need to create a break-glass account named BreakGlass. Where should you create BreakGlass, and which role should you assign to BreakGlass? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT - You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.You plan to implement Azure AD Identity Protection. Which users can configure the user risk policy, and which users can view the risky users report? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users. From the Groups blade in the Azure Active Directory admin center, you assign Microsoft Office 365 Enterprise E5 licenses to a group that includes all users. You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort. What should you use?
A. the Set-MsolUserLicense cmdlet
B. the Set-AzureADGroup cmdlet
C. the Set-WindowsProductKey cmdlet
D. the Administrative units blade in the Azure Active Directory admin center
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant. You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes. You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD. Solution: You configure password writeback. Does this meet the goal?
A. Yes
B. No
You have an Azure Active Directory (Azure AD) tenant that: contains a user named User1. You need to ensure that User1 can create new catalogs and add1 resources to the catalogs they own. What should you do?
A. From the Roles and administrators blade, modify the Groups administrator role.
B. From the Roles and administrators blade, modify the Service support administrator role.
C. From the Identity Governance blade, modify the Entitlement management settings.
D. From the Identity Governance blade, modify the roles and administrators for the General catalog.
You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant. The tenant uses pass-through authentication. A corporate security policy states the following: ✑ Domain controllers must never communicate directly to the internet. ✑ Only required software must be installed on servers. The Active Directory domain contains the on-premises servers shown in the following table.You need to ensure that users can authenticate to Azure AD if a server fails. On which server should you install an additional pass-through authentication agent?
A. Server4
B. Server2
C. Server1
D. Server3
You have an Azure subscription named Sub1 that contains a user named User1. You need to ensure that User1 can purchase a Microsoft Entra Permissions Management license for Sub1. The solution must follow the principle of least privilege. Which role should you assign to User1?
A. Global Administrator
B. Billing Administrator
C. Permissions Management Administrator
D. User Access Administrator
DRAG DROP - You have an Azure subscription that contains the resources shown in the following table.The subscription uses Privileged Identity Management (PIM). You need to configure the following access controls by using PIM: • Ensure that User1 can read and update Secret1. • Ensure that User2 can read the contents of the secrets stored in Vault2. The solution must follow the principle of least privilege. Which authorization method should you use for each user? To answer, drag the appropriate authorization methods to the correct users. Each authorization method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
You have an Azure Active Directory (Azure AD) tenant. You create an enterprise application collection named HR Apps that has the following settings: ✑ Applications: App1, App2, App3 ✑ Owners: Admin1 ✑ Users and groups: HRUsers All three apps have the following Properties settings: ✑ Enabled for users to sign in: Yes ✑ User assignment required: Yes Visible to users: Yes -Users report that when they go to the My Apps portal, they only see App1 and App2. You need to ensure that the users can also see App3. What should you do from App3?
A. From Users and groups, add HRUsers.
B. From Single sign-on, configure a sign-on method.
C. From Properties, change User assignment required to No.
D. From Permissions, review the User consent permissions.
You have an Azure AD tenant that contains a user named Admin1. You need to ensure that Admin1 can perform only the following tasks: • From the Microsoft 365 admin center, create and manage service requests. • From the Microsoft 365 admin center, read and configure service health. • From the Azure portal, create and manage support tickets. The solution must minimize administrative effort. What should you do?
A. Create an administrative unit and add Admin1.
B. Enable Azure AD Privileged Identity Management (PIM) for Admin1.
C. Assign Admin1 the Helpdesk Administrator role.
D. Create a custom role and assign the role to Admin1.
You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users. From the Groups blade in the Azure Active Directory admin center, you assign Microsoft Office 365 Enterprise E5 licenses to a group that includes all users. You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort. What should you use?
A. the Administrative units blade in the Azure Active Directory admin center
B. the Set-MsolUserLicense cmdlet
C. the Groups blade in the Azure Active Directory admin center
D. the Set-WindowsProductKey cmdlet
HOTSPOT - You have a Microsoft 365 tenant. You create a named location named HighRiskCountries that contains a list of high-risk countries. You need to limit the amount of time a user can stay authenticated when connecting from a high-risk country. What should you configure in a conditional access policy? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure AD tenant and a .NET web app named App1. You need to register App1 for Azure AD authentication. What should you configure for App1?
A. the executable name
B. the bundle ID
C. the package name
D. the redirect URI
Free Access Full SC-300 Practice Exam Free
Looking for additional practice? Click here to access a full set of SC-300 practice exam free questions and continue building your skills across all exam domains.
Our question sets are updated regularly to ensure they stay aligned with the latest exam objectives—so be sure to visit often!
Good luck with your SC-300 certification journey!