SC-300 Practice Questions Free

SC-300 Practice Questions Free – 50 Exam-Style Questions to Sharpen Your Skills

Are you preparing for the SC-300 certification exam? Kickstart your success with our SC-300 Practice Questions Free – a carefully selected set of 50 real exam-style questions to help you test your knowledge and identify areas for improvement.

Practicing with free SC-300 practice questions gives you an edge by allowing you to:

  • Understand the exam structure and question formats
  • Discover your strong and weak areas
  • Build the confidence you need for test day success

Below, you will find 50 free SC-300 practice questions designed to match the real exam in both difficulty and topic coverage. They’re ideal for self-assessment or final review. You can click on each Question to explore the details.

Question 1

You have an Azure AD Tenant.
You configure self-service password reset (SSPR) by using the following settings:
•	Require users to register when signing in: Yes
•	Number of methods required to reset: 1
What is a valid authentication method available to users?

A. a FIDO2 security token

B. a mobile app code

C. a Microsoft Teams chat

D. a Windows Hello PIN

 


Suggested Answer: B

 

Question 2

You have an Azure subscription, a Google Cloud Platform (GCP) account, and an Amazon Web Services (AWS) account.
You need to recommend a solution to assess the risks associated with privilege assignments across all the platforms. The solution must minimize administrative effort.
What should you include in the recommendation?

A. Microsoft Sentinel

B. Microsoft Entra ID Protection

C. Microsoft Defender for Cloud Apps

D. Microsoft Entra Permissions Management

 


Suggested Answer: D

 

Question 3

You have an Azure AD tenant.
You open the risk detections report.
Which risk detection type is classified as a user risk?

A. password spray

B. anonymous IP address

C. unfamiliar sign-in properties

D. Azure AD threat intelligence

 


Suggested Answer: D

 

Question 4

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
 Image
In Azure AD Identity Protection, you configure a user risk policy that has the following settings:
✑ Assignments:
- Users: Group1
- User risk: Low and above
✑ Controls:
- Access: Block access
✑ Enforce policy: On
In Azure AD Identity Protection, you configure a sign-in risk policy that has the following settings:
✑ Assignments:
- Users: Group2
- Sign-in risk: Low and above
✑ Controls:
- Access: Require multi-factor authentication
✑ Enforce policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 Image

 


Suggested Answer:
Correct Answer Image

Box 1: Yes –
Note: Azure AD Identity Protection can review user sign-in attempts and take additional action if there’s suspicious behavior:
Some of the following actions may trigger Azure AD Identity Protection risk detection:
•	Users with leaked credentials.
•	Sign-ins from anonymous IP addresses.
•	Impossible travel to atypical locations.
•	Sign-ins from infected devices.
•	Sign-ins from IP addresses with suspicious activity.
•	Sign-ins from unfamiliar locations.
Box 2: No –
Box 3: No –
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-risk-based-sspr-mfa

Question 5

You have an Azure AD Premium P2 tenant.
You create a Log Analytics workspace.
You need to ensure that you can view Azure AD audit log information by using Azure Monitor.
What should you do first?

A. Modify the Diagnostics settings for Azure AD.

B. Run the Update-MgOrganization cmdlet.

C. Run the Update-MgDomain cmdlet.

D. Create an Azure AD workbook.

 


Suggested Answer: A

 

Question 6

You create a new Microsoft 365 E5 tenant.
You need to ensure that when users connect to the Microsoft 365 portal from an anonymous IP address, they are prompted to use multi-factor authentication (MFA).
What should you configure?

A. a sign-in risk policy

B. a user risk policy

C. an MFA registration policy

 


Suggested Answer: A

 

Question 7

You have an Azure subscription that contains a storage account named storage1 and a web app named WebApp1. WebApp1 uses a system-assigned managed identity.
You need to ensure that WebApp1 can read and write files to storage1 by using the system-assigned managed identity.
What should you configure for storage1 in the Azure portal?

A. data protection

B. a shared access signature (SAS)

C. the Access control (IAM) settings

D. the File share settings

E. access keys

 


Suggested Answer: C

 

Question 8

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account.
You deploy an Azure subscription and enable Microsoft 365 Defender.
You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps.
Solution: From the Microsoft 365 Defender portal, you add the GitHub app connector.
Does this meet the goal?

A. Yes

B. No

 


Suggested Answer: B

 

Question 9

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts.
You need to ensure that a new security administrator receives the alerts instead of you.
Solution: From Azure AD, you modify the Diagnostics settings.
Does this meet the goal?

A. Yes

B. No

 


Suggested Answer: A

 

Question 10

You have an Azure subscription named Sub1 that contains a virtual machine named VM1.
You need to enable Microsoft Entra login for VM1 and configure VM1 to access the resources in Sub1.
Which type of identity should you assign to VM1?

A. Microsoft Entra user account

B. user-assigned managed identity

C. Azure Automation account

D. system-assigned managed identity

 


Suggested Answer: D

 

Question 11

HOTSPOT -
You need to configure the assignment of Azure AD licenses to the Litware users. The solution must meet the licensing requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 Image

 


Suggested Answer:
Correct Answer Image

Litware recently added a custom user attribute named LWLicenses to the litware.com Active Directory forest. Litware wants to manage the assignment of Azure AD licenses by modifying the value of the LWLicenses attribute. Users who have the appropriate value for LWLicenses must be added automatically to a Microsoft 365 group that has the appropriate licenses assigned.

Question 12

HOTSPOT -
You need to identify which roles to use for managing role assignments. The solution must meet the delegation requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 Image

 


Suggested Answer:
Correct Answer Image

Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference

Question 13

You have a Microsoft 365 E5 subscription that contains three users named User1, User2, and User3 and a Microsoft SharePoint Online site named Site1.
The subscription contains the devices shown in the following table.
 Image
The users sign in to the devices as shown in the following table.
 Image
You have a Conditional Access policy that has the following settings:
•	Name: CA1
•	Assignments
o	Users and groups: User1, User2, User3
o	Cloud apps or actions: SharePoint - Site1
•	Access controls
o	Session: Use app enforced restrictions
From the SharePoint admin center, you configure Access control for unmanaged devices to allow limited, web-only access.
Which users will have full access to Site1?

A. User1 only

B. User2 only

C. User3 only

D. User1 and User2 only

E. User1, User2, and User3

 


Suggested Answer: B

 

Question 14

You have an Azure Active Directory (Azure AD) tenant named Contoso that contains a terms of use (ToU) named Terms1 and an access package. Contoso users collaborate with an external organization named Fabrikam. Fabrikam users must accept Terms1 before being allowed to use the access package.
You need to identify which users accepted or declined Terms1.
What should you use?

A. sign-in logs

B. the Usage and Insights report

C. provisioning logs

D. audit logs

 


Suggested Answer: D

View Azure AD audit logs –
If you want to view more activity, Azure AD terms of use policies include audit logs. Each user consent triggers an event in the audit logs that is stored for 30 days.
You can view these logs in the portal or download as a .csv file.
To get started with Azure AD audit logs, use the following procedure:
1. Sign in to the Azure portal as a global administrator, security administrator, or Conditional Access administrator.
2. Browse to Azure Active Directory > Security > Conditional Access > Terms of use.
3. Select a terms of use policy.
4. Select View audit logs.
5. On the Azure AD audit logs screen, you can filter the information using the provided lists to target specific audit log information.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/terms-of-use

Question 15

You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.
 Image
Which objects can you add as members to Group3?

A. User2 and Group2 only

B. User2, Group1, and Group2 only

C. User1, User2, Group1 and Group2

D. User1 and User2 only

E. User2 only

 


Suggested Answer: E

Reference:
https://bitsizedbytes.wordpress.com/2018/12/10/distribution-security-and-office-365-groups-nesting/

Question 16

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to bulk invite Azure AD business-to-business (B2B) collaboration users.
Which two parameters must you include when you create the bulk invite? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. email address

B. redirection URL

C. username

D. shared key

E. password

 


Suggested Answer: AB

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/tutorial-bulk-invite

Question 17

You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.
From the Groups blade in the Microsoft Entra admin center, you assign Microsoft Office 365 Enterprise E5 licenses to a group that includes all users.
You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.
What should you use?

A. the Set-WindowsProductKey cmdlet

B. the Update-MgGroup cmdlet

C. the Set-MgUserLicense cmdlet

D. the Update-MgUser cmdlet

 


Suggested Answer: C

 

Question 18

You have a Microsoft Exchange organization that uses an SMTP address space of contoso.com.
Several users use their contoso.com email address for self-service sign-up to Azure Active Directory (Azure AD).
You gain global administrator privileges to the Azure AD tenant that contains the self-signed users.
You need to prevent the users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services.
Which PowerShell cmdlet should you run?

A. Set-MsolCompanySettings

B. Set-MsolDomainFederationSettings

C. Update-MsolFederatedDomain

D. Set-MsolDomain

 


Suggested Answer: A

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-self-service-signup

Question 19

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts.
You need to ensure that a new security administrator receives the alerts instead of you.
Solution: From Azure AD, you create an assignment for the Insights administrator role.
Does this meet the goal?

A. Yes

B. No

 


Suggested Answer: B

 

Question 20

HOTSPOT -
You have a Microsoft 365 tenant.
You configure a conditional access policy as shown in the Conditional Access policy exhibit. (Click the Conditional Access policy tab.)
 Image
You view the User administrator role settings as shown in the Role setting details exhibit. (Click the Role setting details tab.)
 Image
You view the User administrator role assignments as shown in the Role assignments exhibit. (Click the Role assignments tab.)
 Image
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 Image

 


Suggested Answer:
Correct Answer Image

 

Question 21

DRAG DROP -
You have an on-premises Microsoft Exchange organization that uses an SMTP address space of contoso.com.
You discover that users use their email address for self-service sign-up to Microsoft 365 services.
You need to gain global administrator privileges to the Azure Active Directory (Azure AD) tenant that contains the self-signed users.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
 Image

 


Suggested Answer:
Correct Answer Image

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/domains-admin-takeover

Question 22

DRAG DROP -
You have a Microsoft 365 E5 subscription.
You need to perform the following tasks:
•	Identify the locations and IP addresses used by Azure AD users to sign in.
•	Review the Azure AD security settings and identify improvement recommendations.
•	Identify changes to Azure AD users or service principals.
What should you use for each task? To answer, drag the appropriate resources to the correct requirements. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
 Image

 


Suggested Answer:
Correct Answer Image

 

Question 23

You have an Azure AD tenant.
You configure User consent settings to allow users to provide consent to apps from verified publishers.
You need to ensure that the users can only provide consent to apps that require low impact permissions.
What should you do?

A. Create an enterprise application collection.

B. Create an access review.

C. Create an access package.

D. Configure permission classifications.

 


Suggested Answer: A

 

Question 24

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not initiate.
Solution: From the Azure portal, you configure the Account lockout settings for multi-factor authentication (MFA).
Does this meet the goal?

A. Yes

B. No

 


Suggested Answer: B

You need to configure the fraud alert settings.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

Question 25

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant named contoso.com that has Email one-time passcode for guests set to Yes.
You invite the guest users shown in the following table.
 Image
Which users will receive a one-time passcode, and how long will the passcode be valid? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 Image

 


Suggested Answer:
Correct Answer Image

Box 1: Guest3 only –
When does a guest user get a one-time passcode?
When a guest user redeems an invitation or uses a link to a resource that has been shared with them, they’ll receive a one-time passcode if:
They don’t have an Azure AD account
They don’t have a Microsoft account
The inviting tenant didn’t set up federation with social (like Google) or other identity providers.
Box 2: 30 minutes –
One-time passcodes are valid for 30 minutes. After 30 minutes, that specific one-time passcode is no longer valid, and the user must request a new one. User sessions expire after 24 hours. After that time, the guest user receives a new passcode when they access the resource. Session expiration provides added security, especially when a guest user leaves their company or no longer needs access.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode

Question 26

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
 Image
User2 reports that he can only configure multi-factor authentication (MFA) to use the Microsoft Authenticator app.
You need to ensure that User2 can configure alternate MFA methods.
Which configuration is required, and which user should perform the configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 Image

 


Suggested Answer:
Correct Answer Image

Box 1: Modify security defaults.
Privileged Authentication Administrator
Users with this role can set or reset any authentication method (including passwords) for any user, including Global Administrators. Privileged Authentication Administrators can force users to re-register against existing non-password credential (such as MFA or FIDO) and revoke ‘remember MFA on the device’, prompting for MFA on the next sign-in of all users.
The Authentication Administrator role has permission to force re-registration and multifactor authentication for standard users and users with some admin roles.
Reference Image
Box 2: User1 only.
Security Administrator.
Users with this role have permissions to manage security-related features in the Microsoft 365 Defender portal, Azure Active Directory Identity Protection, Azure Active Directory Authentication, Azure Information Protection, and Office 365 Security & Compliance Center.
Incorrect:
Not User3. Service Support Administrator.
Users with this role can create and manage support requests with Microsoft for Azure and Microsoft 365 services, and view the service dashboard and message center in the Azure portal and Microsoft 365 admin center.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference

Question 27

Your company purchases a Microsoft 365 E5 subscription.
A user named User1 is assigned the Security Administrator role.
You need to ensure that User1 can create Microsoft Defender for Cloud Apps session policies.
What should you do first?

A. Create a Conditional Access policy and select Require app protection policy.

B. Create a Conditional Access policy and select Use Conditional Access App Control.

C. Assign the Cloud Application Administrator role to User1.

D. Assign the Cloud App Security Administrator role to User1.

 


Suggested Answer: B

 

Question 28

You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1 and a Microsoft 365 group named Group1.
You need to ensure that the members of Group1 can access Site1 for 90 days. The solution must minimize administrative effort.
What should you use?

A. an access package

B. an access review

C. a lifecycle workflow

D. a Conditional Access policy

 


Suggested Answer: A

 

Question 29

You have a Microsoft Entra tenant.
You need to configure continuous access evaluation for app sign-ins and assign the configuration to users that are assigned the Application Administrator role.
What should you configure?

A. a sign-in risk policy

B. an access review

C. a Conditional Access policy

D. the Admin consent settings

 


Suggested Answer: B

 

Question 30

HOTSPOT -
Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in London and Seattle.
Contoso has a partnership with a company named Fabrikam, Inc. Fabrikam has an Azure Active Directory (Azure AD) tenant named fabrikam.com.
Existing Environment. Existing Environment
The on-premises network of Contoso contains an Active Directory domain named contoso.com. The domain contains an organizational unit (OU) named Contoso_Resources. The Contoso_Resources OU contains all users and computers.
The contoso.com Active Directory domain contains the relevant users shown in the following table.
 Image
Contoso also includes a marketing department that has users in each office.
Existing Environment. Microsoft 365/Azure Environment
Contoso has an Azure AD tenant named contoso.com that has the following associated licenses:
•	Microsoft Office 365 Enterprise E5
•	Enterprise Mobility + Security E5
•	Windows 10 Enterprise E3
•	Project Plan 3
Azure AD Connect is configured between Azure AD and Active Directory Domain Services (AD DS). Only the Contoso_Resources OU is synced.
Helpdesk administrators routinely use the Microsoft 365 admin center to manage user settings.
User administrators currently use the Microsoft 365 admin center to manually assign licenses. All users have all licenses assigned besides the following exceptions:
•	The users in the London office have the Microsoft 365 Phone System license unassigned.
•	The users in the Seattle office have the Yammer Enterprise license unassigned.
Security defaults are disabled for contoso.com.
Contoso uses Azure AD Privileged Identity Management (PIM) to protect administrative roles.
Existing Environment. Problem Statements
Contoso identifies the following issues:
•	Currently, all the helpdesk administrators can manage user licenses throughout the entire Microsoft 365 tenant.
•	The user administrators report that it is tedious to manually configure the different license requirements for each Contoso office.
•	The helpdesk administrators spend too much time provisioning internal and guest access to the required Microsoft 365 services and apps.
•	Currently, the helpdesk administrators can perform tasks by using the User administrator role without justification or approval.
•	When the Logs node is selected in Azure AD, an error message appears stating that Log Analytics integration is not enabled.
Requirements. Planned Changes -
Contoso plans to implement the following changes:
•	Implement self-service password reset (SSPR).
•	Analyze Azure audit activity logs by using Azure Monitor.
•	Simplify license allocation for new users added to the tenant.
•	Collaborate with the users at Fabrikam on a joint marketing campaign.
•	Configure the User administrator role to require justification and approval to activate.
•	Implement a custom line-of-business Azure web app named App1. App1 will be accessible from the internet and authenticated by using Azure AD accounts.
•	For new users in the marketing department, implement an automated approval workflow to provide access to a Microsoft SharePoint Online site, group, and app.
Contoso plans to acquire a company named ADatum Corporation. One hundred new ADatum users will be created in an Active Directory OU named Adatum. The users will be located in London and Seattle.
Requirements. Technical Requirements
Contoso identifies the following technical requirements:
•	All users must be synced from AD DS to the contoso.com Azure AD tenant.
•	App1 must have a redirect URI pointed to https://contoso.com/auth-response.
•	License allocation for new users must be assigned automatically based on the location of the user.
•	Fabrikam users must have access to the marketing department’s SharePoint site for a maximum of 90 days.
•	Administrative actions performed in Azure AD must be audited. Audit logs must be retained for one year.
•	The helpdesk administrators must be able to manage licenses for only the users in their respective office.
•	Users must be forced to change their password if there is a probability that the users’ identity was compromised.
You need to meet the technical requirements for license management by the help desk administrators.
What should you create first, and which tool should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 Image

 


Suggested Answer:
Correct Answer Image

 

Question 31

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
 Image
The tenant has the authentication methods shown in the following table.
 Image
Which users will sign in to cloud apps by matching a number shown in the app with a number shown on their phone?

A. User1 only

B. User2 only

C. User3 only

D. User1 and User2 only

E. User2 and User3 only

 


Suggested Answer: A

Microsoft Authenticator –
You can also allow your employee’s phone to become a passwordless authentication method. You may already be using the Authenticator app as a convenient multi-factor authentication option in addition to a password. You can also use the Authenticator App as a passwordless option.
The Authenticator App turns any iOS or Android phone into a strong, passwordless credential. Users can sign in to any platform or browser by getting a notification to their phone, matching a number displayed on the screen to the one on their phone, and then using their biometric (touch or face) or PIN to confirm.
Incorrect:
* Not User2
FIDO2 security keys –
The FIDO (Fast IDentity Online) Alliance helps to promote open authentication standards and reduce the use of passwords as a form of authentication. FIDO2 is the latest standard that incorporates the web authentication (WebAuthn) standard.
FIDO2 security keys are an unphishable standards-based passwordless authentication method that can come in any form factor. Fast Identity Online (FIDO) is an open standard for passwordless authentication. FIDO allows users and organizations to leverage the standard to sign in to their resources without a username or password using an external security key or a platform key built into a device.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless

Question 32

DRAG DROP -
You have a Microsoft 365 E5 tenant.
You purchase a cloud app named App1.
You need to enable real-time session-level monitoring of App1 by using Microsoft Defender for Cloud Apps.
In which order should you perform the actions? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 Image

 


Suggested Answer:
Correct Answer Image

 

Question 33

You have an Azure Active Directory (Azure AD) tenant that uses conditional access policies.
You plan to use third-party security information and event management (SIEM) to analyze conditional access usage.
You need to download the Azure AD log by using the administrative portal. The log file must contain changes to conditional access policies.
What should you export from Azure AD?

A. audit logs in CSV format

B. sign-ins in CSV format

C. audit logs in JSON format

D. sign-ins in JSON format

 


Suggested Answer: C

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-audit-logs

Question 34

Overview -
ADatum Corporation is a consulting company in Montreal.
ADatum recently acquired a Vancouver-based company named Litware, Inc.
Existing Environment. ADatum Environment
The on-premises network of ADatum contains an Active Directory Domain Services (AD DS) forest named adatum.com.
ADatum has a Microsoft 365 E5 subscription. The subscription contains a verified domain that syncs with the adatum.com AD DS domain by using Azure AD Connect.
ADatum has an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant has Security defaults disabled.
The tenant contains the users shown in the following table.
 Image
The tenant contains the groups shown in the following table.
 Image
Existing Environment. Litware Environment
Litware has an AD DS forest named litware.com
Existing Environment. Problem Statements
ADatum identifies the following issues:
•	Multiple users in the sales department have up to five devices. The sales department users report that sometimes they must contact the support department to join their devices to the Azure AD tenant because they have reached their device limit.
•	A recent security incident reveals that several users leaked their credentials, a suspicious browser was used for a sign-in, and resources were accessed from an anonymous IP address.
•	When you attempt to assign the Device Administrators role to IT_Group1, the group does NOT appear in the selection list.
•	Anyone in the organization can invite guest users, including other guests and non-administrators.
•	The helpdesk spends too much time resetting user passwords.
•	Users currently use only passwords for authentication.
Requirements. Planned Changes -
ADatum plans to implement the following changes:
•	Configure self-service password reset (SSPR).
•	Configure multi-factor authentication (MFA) for all users.
•	Configure an access review for an access package named Package1.
•	Require admin approval for application access to organizational data.
•	Sync the AD DS users and groups of litware.com with the Azure AD tenant.
•	Ensure that only users that are assigned specific admin roles can invite guest users.
•	Increase the maximum number of devices that can be joined or registered to Azure AD to 10.
Requirements. Technical Requirements
ADatum identifies the following technical requirements:
•	Users assigned the User administrator role must be able to request permission to use the role when needed for up to one year.
•	Users must be prompted to register for MFA and provided with an option to bypass the registration for a grace period.
•	Users must provide one authentication method to reset their password by using SSPR. Available methods must include:
- Email
- Phone
- Security questions
- The Microsoft Authenticator app
•	Trust relationships must NOT be established between the adatum.com and litware.com AD DS domains.
•	The principle of least privilege must be used.
You need to modify the settings of the User administrator role to meet the technical requirements.
Which two actions should you perform for the role? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Select Require justification on activation.

B. Select Require ticket information on activation.

C. Modify the Expire eligible assignments after setting.

D. Set all assignments to Eligible.

E. Set all assignments to Active.

 


Suggested Answer: CD

 

Question 35

HOTSPOT -
You have an Azure AD tenant that contains the users shown in the following table.
 Image
You have the Azure AD Identity Protection policies shown in the following table.
 Image
You review the Risky users report and the Risky sign-ins report and perform actions for each user as shown in the following table.
 Image
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 Image

 


Suggested Answer:
Correct Answer Image

 

Question 36

You have an Azure subscription that contains the custom roles shown in the following table.
 Image
You need to create a custom Azure subscription role named Role3 by using the Azure portal. Role3 will use the baseline permissions of an existing role.
Which roles can you clone to create Role3?

A. Role2 only

B. built-in Azure subscription roles only

C. built-in Azure subscription roles and Role2 only

D. built-in Azure subscription roles and built-in Azure AD roles only

E. Role1, Role2, built-in Azure subscription roles, and built-in Azure AD roles

 


Suggested Answer: C

 

Question 37

You have a Microsoft 365 tenant.
All users have mobile phones and Windows 10 laptops.
The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity. While working from the remote locations, the users connect their laptops to a wired network that has internet access.
You plan to implement multi-factor authentication (MFA).
Which MFA authentication method can the users use from the remote location?

A. a notification through the Microsoft Authenticator app

B. SMS

C. email

D. Windows Hello for Business

 


Suggested Answer: D

 

Question 38

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
You have 100 IT administrators who are organized into 10 departments.
You create the access review shown in the exhibit. (Click the Exhibit tab.)
 Image
You discover that all access review requests are received by Megan Bowen.
You need to ensure that the manager of each department receives the access reviews of their respective department.
Solution: You set Reviewers to Member (self).
Does this meet the goal?

A. Yes

B. No

 


Suggested Answer: B

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

Question 39

HOTSPOT -
You need to configure app registration in Azure AD to meet the delegation requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 Image

 


Suggested Answer:
Correct Answer Image

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/delegate-app-roles

Question 40

HOTSPOT -
You have an Azure subscription.
You need to create two custom roles named Role1 and Role2. The solution must meet the following requirements:
•	Users that are assigned Role1 can manage application security groups.
•	Users that are assigned Role2 can manage Azure Firewall.
Which resource provider permissions are required for each role? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 Image

 


Suggested Answer:
Correct Answer Image

 

Question 41

HOTSPOT -
You have a Microsoft Entra tenant that has a Microsoft Entra ID P2 service plan. The tenant contains the users shown in the following table.
 Image
You have the Device settings shown in the following exhibit.
 Image
User1 has the devices shown in the following table.
 Image
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 Image

 


Suggested Answer:
Correct Answer Image

 

Question 42

Overview -
ADatum Corporation is a consulting company in Montreal.
ADatum recently acquired a Vancouver-based company named Litware, Inc.
Existing Environment. ADatum Environment
The on-premises network of ADatum contains an Active Directory Domain Services (AD DS) forest named adatum.com.
ADatum has a Microsoft 365 E5 subscription. The subscription contains a verified domain that syncs with the adatum.com AD DS domain by using Azure AD Connect.
ADatum has an Azure Active Directory (Azure AD) tenant named adatum.com. The tenant has Security defaults disabled.
The tenant contains the users shown in the following table.
 Image
The tenant contains the groups shown in the following table.
 Image
Existing Environment. Litware Environment
Litware has an AD DS forest named litware.com.
Existing Environment. Problem Statements
ADatum identifies the following issues:
•	Multiple users in the sales department have up to five devices. The sales department users report that sometimes they must contact the support department to join their devices to the Azure AD tenant because they have reached their device limit.
•	A recent security incident reveals that several users leaked their credentials, a suspicious browser was used for a sign-in, and resources were accessed from an anonymous IP address.
•	When you attempt to assign the Device Administrators role to IT_Group1, the group does NOT appear in the selection list.
•	Anyone in the organization can invite guest users, including other guests and non-administrators.
•	The helpdesk spends too much time resetting user passwords.
•	Users currently use only passwords for authentication.
Requirements. Planned Changes -
ADatum plans to implement the following changes:
•	Configure self-service password reset (SSPR).
•	Configure multi-factor authentication (MFA) for all users.
•	Configure an access review for an access package named Package1.
•	Require admin approval for application access to organizational data.
•	Sync the AD DS users and groups of litware.com with the Azure AD tenant.
•	Ensure that only users that are assigned specific admin roles can invite guest users.
•	Increase the maximum number of devices that can be joined or registered to Azure AD to 10.
Requirements. Technical Requirements
ADatum identifies the following technical requirements:
•	Users assigned the User administrator role must be able to request permission to use the role when needed for up to one year.
•	Users must be prompted to register for MFA and provided with an option to bypass the registration for a grace period.
•	Users must provide one authentication method to reset their password by using SSPR. Available methods must include:
- Email
- Phone
- Security questions
- The Microsoft Authenticator app
•	Trust relationships must NOT be established between the adatum.com and litware.com AD DS domains.
•	The principle of least privilege must be used.
You need to resolve the issue of the guest user invitations.
What should you do for the Azure AD tenant?

A. Configure the Continuous access evaluation settings.

B. Configure a Conditional Access policy.

C. Modify the External collaboration settings.

D. Configure the Access reviews settings.

 


Suggested Answer: C

 

Question 43

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure conditional access policies.
Does this meet the goal?

A. Yes

B. No

 


Suggested Answer: B

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

Question 44

You have an Azure Active Directory Premium P2 tenant.
You create a Log Analytics workspace.
You need to ensure that you can view Azure Active Directory (Azure AD) audit log information by using Azure Monitor.
What should you do first?

A. Run the Set-AzureADTenantDetail cmdlet.

B. Create an Azure AD workbook.

C. Modify the Diagnostics settings for Azure AD.

D. Run the Get-AzureADAuditDirectoryLogs cmdlet.

 


Suggested Answer: C

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics

Question 45

HOTSPOT -
You need to create the LWGroup1 group to meet the management requirements.
How should you complete the dynamic membership rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 Image

 


Suggested Answer:
Correct Answer Image

 

Question 46

You need to allocate licenses to the new users from ADatum. The solution must meet the technical requirements.
Which type of object should you create?

A. a Dynamic User security group

B. a distribution group

C. an OU

D. an administrative unit

 


Suggested Answer: D

An administrative unit is an Azure AD resource that can be a container for other Azure AD resources. An administrative unit can contain only users, groups, or devices.
Administrative units restrict permissions in a role to any portion of your organization that you define.
Deployment scenario –
It can be useful to restrict administrative scope by using administrative units in organizations that are made up of independent divisions of any kind. Consider the example of a large university that’s made up of many autonomous schools (School of Business, School of Engineering, and so on). Each school has a team of IT admins who control access, manage users, and set policies for their school.
Scenario: Contoso plans to acquire a company named ADatum Corporation. One hundred new ADatum users will be created in an Active Directory OU named Adatum. The users will be located in London and Seattle.
Contoso identifies the following technical requirements: License allocation for new users must be assigned automatically based on the location of the user.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/administrative-units

Question 47

You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.
From the Groups blade in the Azure Active Directory admin center, you assign Microsoft 365 Enterprise E5 licenses to the users.
You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.
What should you use?

A. the Identity Governance blade in the Azure Active Directory admin center

B. the Set-AzureAdUser cmdlet

C. the Licenses blade in the Azure Active Directory admin center

D. the Set-WindowsProductKey cmdlet

 


Suggested Answer: C

You can unassign licenses from users on either the Active users page or the Licenses page. The method you use depends on whether you want to unassign product licenses from specific users or unassign user licenses from a specific product.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1. the Licenses blade in the Azure Active Directory admin center
2. the Set-MsolUserLicense cmdlet
Other incorrect answer options you may see on the exam include the following:
•	the Administrative units blade in the Azure Active Directory admin center
•	the Groups blade in the Azure Active Directory admin center
•	the Set-AzureAdGroup cmdlet
Reference:
https://docs.microsoft.com/en-us/microsoft-365/admin/manage/remove-licenses-from-users?view=o365-worldwide

Question 48

HOTSPOT -
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table.
 Image
You install Azure AD Connect. You configure the Domain and OU filtering settings as shown in the Domain and OU Filtering exhibit. (Click the Domain and OU Filtering tab.)
 Image
You configure the Filter users and devices settings as shown in the Filter Users and Devices exhibit. (Click the Filter Users and Devices tab.)
 Image
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 Image

 


Suggested Answer:
Correct Answer Image

Only direct members of Group1 are synced. Group2 will sync as it is a direct member of Group1 but the members of Group2 will not sync.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom

Question 49

DRAG DROP -
You have an Azure subscription that is linked to an Azure AD tenant named contoso.com. The subscription contains a group named Group1 and a virtual machine named VM1.
You need to meet the following requirements:
•	Enable a system-assigned managed identity for VM1.
•	Add VM1 to Group1.
How should you complete the PowerShell script? To answer, drag the appropriate cmdlets to the correct targets. Each cmdlet may be used once, more than once or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
 Image

 


Suggested Answer:
Correct Answer Image

 

Question 50

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1.
You need to ensure that users can request access to Site1. The solution must meet the following requirements:
•	Automatically approve requests from users based on their group membership.
•	Automatically remove the access after 30 days.
What should you do?

A. Create a Conditional Access policy.

B. Create an access package.

C. Configure Role settings in Azure AD Privileged Identity Management.

D. Create a Microsoft Defender for Cloud Apps access policy.

 


Suggested Answer: B

 

Free Access Full SC-300 Practice Questions Free

Want more hands-on practice? Click here to access the full bank of SC-300 practice questions free and reinforce your understanding of all exam objectives.

We update our question sets regularly, so check back often for new and relevant content.

Good luck with your SC-300 certification journey!
