Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

SC-300Free trialFree trial

By microsoft
Aug, 2025

Verified

25Q per page

Question 51

You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.

From the Groups blade in the Azure Active Directory admin center, you assign Microsoft Office 365 Enterprise E5 licenses to a group that includes all users.

You needed to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.

What should you use?

  • A: the Groups blade in the Azure Active Directory admin center
  • B: the Set-AzureAdUser cmdlet
  • C: the Identity Governance blade in the Azure Active Directory admin center
  • D: the Licenses blade in the Azure Active Directory admin center

Question 52

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription.

You create a user named User1.

You need to ensure that User1 can update the status of Identity Secure Score improvement actions.

Solution: You assign the Security Operator role to User1.

Does this meet the goal?

  • A: Yes
  • B: No

Question 53

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription.

You create a user named User1.

You need to ensure that User1 can update the status of Identity Secure Score improvement actions.

Solution: You assign the SharePoint Administrator role to User1.

Does this meet the goal?

  • A: Yes
  • B: No

Question 54

You have an Azure AD tenant that contains a user named Admin1.

You need to ensure that Admin1 can perform only the following tasks:

• From the Microsoft 365 admin center, create and manage service requests.
• From the Microsoft 365 admin center, read and configure service health.
• From the Azure portal, create and manage support tickets.

The solution must minimize administrative effort.

What should you do?

  • A: Create an administrative unit and add Admin1.
  • B: Enable Azure AD Privileged Identity Management (PIM) for Admin1.
  • C: Assign Admin1 the Helpdesk Administrator role.
  • D: Create a custom role and assign the role to Admin1.

Question 55

HOTSPOT

Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant.

You need to ensure that user authentication always occurs by validating passwords against the AD DS domain.

What should you configure, and what should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Image 1

Question 56

You have a Microsoft 365 tenant that uses the domain named fabrikam.com. The Guest invite settings for Azure Active Directory (Azure AD) are configured as shown in the exhibit. (Click the Exhibit tab.)

Image 1

A user named bsmith@fabrikam.com shares a Microsoft SharePoint Online document library to the users shown in the following table.

Image 2

Which users will be emailed a passcode?

  • A: User2 only
  • B: User1 only
  • C: User1 and User2 only
  • D: User1, User2, and User3

Question 57

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to bulk invite Azure AD business-to-business (B2B) collaboration users.
Which two parameters must you include when you create the bulk invite? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A: email address
  • B: redirection URL
  • C: username
  • D: shared key
  • E: password

Question 58

HOTSPOT -

Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with Azure AD and contains the users shown in the following table.

Image 1

In Azure AD Connect, Domain/OU Filtering is configured as shown in the following exhibit.

Image 2

Azure AD Connect is configured as shown in the following exhibit.

Image 3

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Image 4

Question 59

You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.

From the Groups blade in the Azure Active Directory admin center, you assign Microsoft Office 365 Enterprise E5 licenses to a group that includes all users.

You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.

What should you use?

  • A: the Update-MgGroup cmdlet
  • B: the Licenses blade in the Azure Active Directory admin center
  • C: the Set-WindowsProductKey cmdlet
  • D: the Administrative units blade in the Azure Active Directory admin center

Question 60

You have an Azure AD tenant that contains the users shown in the following table.

Image 1

You need to compare the role permissions of each user. The solution must minimize administrative effort.

What should you use?

  • A: the Microsoft 365 Defender portal
  • B: the Microsoft 365 admin center
  • C: the Microsoft Entra admin center
  • D: the Microsoft Purview compliance portal

Question 61

You have a Microsoft Exchange organization that uses an SMTP address space of contoso.com.

Several users use their contoso.com email address for self-service sign-up to Azure AD.

You gain global administrator privileges to the Azure AD tenant that contains the self-signed users.

You need to prevent the users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services.

Which PowerShell cmdlet should you run?

  • A: Update-MgOrganization
  • B: Update-MgPolicyPermissionGrantPolicyExclude
  • C: Update-MgDomain
  • D: Update-MgDomainFederationConfiguration

Question 62

HOTSPOT

You have an Azure AD tenant.

You need to configure the following External Identities features:

• B2B collaboration
• Monthly active users (MAU)-based pricing

Which two settings should you configure? To answer, select the settings in the answer area.

NOTE: Each correct selection is worth one point.

Image 1

Question 63

You have an Azure AD tenant that contains the external user shown in the following exhibit.

Image 1

You update the email address of the user.

You need to ensure that the user can authenticate by using the updated email address.

What should you do for the user?

  • A: Modify the Authentication methods settings.
  • B: Reset the password.
  • C: Revoke the active sessions.
  • D: Reset the redemption status.

Question 64

You have an Azure AD tenant.

You need to ensure that only users from specific external domains can be invited as guests to the tenant.

Which settings should you configure?

  • A: External collaboration settings
  • B: All identity providers
  • C: Cross-tenant access settings
  • D: Linked subscriptions

Question 65

You have an Azure AD tenant that contains a user named User1 and a Microsoft 365 group named Group1. User1 is the owner of Group1.

You need to ensure that User1 is notified every three months to validate the guest membership of Group1.

What should you do?

  • A: Configure the External collaboration settings.
  • B: Create an access review.
  • C: Configure an access package.
  • D: Create a group expiration policy.

Question 66

HOTSPOT

You have a Microsoft Entra tenant that contains a group named Group3 and an administrative unit named Department1.

Department1 has the users shown in the Users exhibit. (Click the Users tab.)

Image 1

Department1 has the groups shown in the Groups exhibit. (Click the Groups tab.)

Image 2

The User Administrator role assignments are shown in the Assignments exhibit (Click the Assignments tab.)

Image 3

The members of Group2 are shown in the Group2 exhibit. (Click the Group2 tab.)

Image 4

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Image 5

Question 67

HOTSPOT

Your network contains an on-premises Active Directory Domain Services (AD DS) domain named fabrikam.com. The domain contains an Active Directory Federation Services (AD FS) instance and a member server named Server1 that runs Windows Server. The domain contains the users shown in the following table.

Image 1

You have a Microsoft Entra tenant named contoso.com that is linked to a Microsoft 365 subscription.

You establish federation between fabrikam.com and contoso.com by using a Microsoft Entra Connect instance that is configured as shown in the following exhibit.

Image 2

You perform the following tasks in contoso.com:

• Create a group named Group1.
• Disable User2.
• Enable User3.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Image 3

Question 68

You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.

Image 1

Which objects can you add as members to Group3?

  • A: User2 and Group2 only
  • B: User2, Group1, and Group2 only
  • C: User1, User2, Group1 and Group2
  • D: User1 and User2 only
  • E: User2 only

Question 69

HOTSPOT -

You have a Microsoft Entra tenant that has a Microsoft Entra ID P2 service plan. The tenant contains the users shown in the following table.

Image 1

You have the Device settings shown in the following exhibit.

Image 2

User1 has the devices shown in the following table.

Image 3

For each of the following statements, select Yes if the statement is true. Otherwise. select No.

NOTE: Each correct selection is worth one point.

Image 4

Question 70

You have an Azure subscription named Sub1 that contains a user named User1.

You need to ensure that User1 can purchase a Microsoft Entra Permissions Management license for Sub1. The solution must follow the principle of least privilege.

Which role should you assign to User1?

  • A: Global Administrator
  • B: Billing Administrator
  • C: Permissions Management Administrator
  • D: User Access Administrator

Question 71

You have an Azure subscription that contains a user named User1 and two resource groups named RG1 and RG2.

You need to ensure that User1 can perform the following tasks:

• View all resources.
• Restart virtual machines.
• Create virtual machines in RG1 only.
• Create storage accounts in RG1 only.

What is the minimum number of role-based access control (RBAC) role assignments required?

  • A: 1
  • B: 2
  • C: 3
  • D: 4

Question 72

You work for a company named Contoso, Ltd. that has a Microsoft Entra tenant named contoso.com.

Contoso is working on a project with the following two partner companies:

• A company named A. Datum Corporation that has a Microsoft Entra tenant named adatum.com.
• A company named Fabrikam, Inc. that has a Microsoft Entra tenant named fabrikam.com.

When you attempt to invite a new guest user from adatum.com to contoso.com, you receive an error message.

You can successfully invite a new guest user from fabnkam.com to contoso.com.

You need to be able to invite new guest users from adatum.com to contoso.com.

What should you configure?

  • A: Guest invite settings
  • B: Verifiable credentials
  • C: Named locations
  • D: Collaboration restrictions

Question 73

You have an Azure subscription that contains a user-assigned managed identity named Managed1 in the East US Azure region. The subscription contains the resources shown in the following table.

Image 1

Which resources can use Managed1 as their identity?

  • A: WebApp1 only
  • B: storage1 and WebApp1 only
  • C: VM1 and WebApp1 only
  • D: VM1, storage1, and WebApp1

Question 74

DRAG DROP

Your network contains an on-premises Active Directory domain named contoso.com that syncs with Microsoft Entra ID by using Microsoft Entra Connect. The domain contains the users shown in the following table.

Image 1

From Active Directory Users and Computers, you add the following user:

• Name: User3
• UPN: user3@contoso.com
• Proxy addresses: smtp: user3@contoso.com, smtp: sales@contoso.com

From Active Directory Users and Computers, you update the proxyAddresses attribute for each user as shown in the following table.

Image 2

You trigger a manual synchronization.

Which sync status will Microsoft Entra Connect sync return for each user? To answer, drag the appropriate status to the correct users. Each status may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Image 3

Question 75

You have a Microsoft 365 tenant that uses the domain name fabrikam.com.

The External collaboration settings are configured as shown in the Collaboration exhibit. (Click the Collaboration tab.)

Image 1

The Email one-time passcode for guests setting is enabled for the tenant.

A user named bsmith@fabrikam.com shares a Microsoft SharePoint Online document library to the users shown in the following table.

Image 2

Which users will be emailed a passcode?

  • A: User1 only
  • B: User2 only
  • C: User1 and User2 only
  • D: User1, User2, and User3
Page 3 of 17 • Questions 51-75 of 401
12345

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!