Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

SC-300 by Microsoft - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

HOTSPOT

You have two Microsoft Entra tenants named contoso.com and fabrikam.com. Contoso.com contains the users shown in the following table.

Question 4

You have a Microsoft Entra tenant.

You have the end-user desktop environments shown in the following table.

Question 5

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure pass-through authentication.
Does this meet the goal?

A Yes
B No

Question 6

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure conditional access policies.
Does this meet the goal?

A Yes
B No

Question 7

You have an Azure Active Directory (Azure AD) tenant that contains the following objects.
✑ A device named Device1
✑ Users named User1, User2, User3, User4, and User5
Five groups named Group1, Group2, Group3, Group4, and Group5

The groups are configured as shown in the following table.

Question 8

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD enterprise application named App1.
A contractor uses the credentials of user1@outlook.com.
You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as user1@outlook.com.
What should you do?

A Run the New-AzADUser cmdlet.
B Configure the External collaboration settings.
C Add a WS-Fed identity provider.
D Create a guest user account in contoso.com.

Question 9

Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com by using
Azure AD Connect.
You need to prevent the synchronization of users who have the extensionAttribute15 attribute set to NoSync.
What should you do in Azure AD Connect?

A Create an inbound synchronization rule for the Windows Azure Active Directory connector.
B Configure a Full Import run profile.
C Create an inbound synchronization rule for the Active Directory Domain Services connector.
D Configure an Export run profile.

Question 10

Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The tenant contains the users shown in the following table.

Question 11

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure Azure AD Password Protection.
Does this meet the goal?

A Yes
B No

Question 12

HOTSPOT -
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table.

Question 13

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to ensure that Azure AD External Identities pricing is based on monthly active users (MAU).
What should you configure?

A a user flow
B the terms of use
C a linked subscription
D an access review

Question 14

You have a Microsoft Exchange organization that uses an SMTP address space of contoso.com.
Several users use their contoso.com email address for self-service sign-up to Azure Active Directory (Azure AD).
You gain global administrator privileges to the Azure AD tenant that contains the self-signed users.
You need to prevent the users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services.
Which PowerShell cmdlet should you run?

A Set-MsolCompanySettings
B Set-MsolDomainFederationSettings
C Update-MsolfederatedDomain
D Set-MsolDomain

Question 15

DRAG DROP -
You have a new Microsoft 365 tenant that uses a domain name of contoso.onmicrosoft.com.
You register the name contoso.com with a domain registrar.
You need to use contoso.com as the default domain name for new Microsoft 365 users.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Question 16

You have a Microsoft 365 subscription.

You need to ensure that when users access the Microsoft 365 portal from Microsoft Edge and have their browser language set to Spanish, they are presented with a Spanish sign-in form.

What should you do in the Microsoft Entra admin center?

A From Settings for the users, configure the Usage location setting.
B From Global Secure Access, configure the Session management settings.
C Configure the Company branding settings.
D Create a Conditional Access policy.

Question 17

DRAG DROP -
You have a Microsoft 365 E5 subscription that contains three users named User1, User2, and User3.
You need to configure the users as shown in the following table.

Question 18

You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant. The tenant uses pass-through authentication.
A corporate security policy states the following:
✑ Domain controllers must never communicate directly to the internet.
✑ Only required software must be installed on servers.
The Active Directory domain contains the on-premises servers shown in the following table.

Question 19

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD enterprise application named App1.
A contractor uses the credentials of user1@outlook.com.
You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as user1@outlook.com.
What should you do?

A Run the New-AzureADMSInvitation cmdlet.
B Configure the External collaboration settings.
C Add a WS-Fed identity provider.
D Implement Azure AD Connect.

Question 20

You have a Microsoft Entra tenant named contoso.com that contains an enterprise application named App1.

A contractor uses the credentials of user1@outlook.com.

You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as user1@outlook.com.

What should you do?

A Implement Microsoft Entra Connect sync.
B Add a custom domain name to contoso.com.
C Implement Microsoft Entra Application Proxy.
D Run the New-MgInvitation cmdlet.

Question 21

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant and an Azure web app named App1.
You need to provide guest users with self-service sign-up for App1. The solution must meet the following requirements:
✑ Guest users must be able to sign up by using a one-time password.
✑ The users must provide their first name, last name, city, and email address during the sign-up process.
What should you configure in the Azure Active Directory admin center for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Question 22

You have an Azure Active Directory (Azure AD) Azure AD tenant.
You need to bulk create 25 new user accounts by uploading a template file.
Which properties are required in the template file?

A displayName, identityIssuer, usageLocation, and userType
B accountEnabled, givenName, surname, and userPrincipalName
C accountEnabled, displayName, userPrincipalName, and passwordProfile
D accountEnabled, passwordProfile, usageLocation, and userPrincipalName

Question 23

HOTSPOT -

Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains computers that run Windows 11.

You have a Microsoft 365 E5 subscription.

You plan to enable hybrid join and enroll the computers in Microsoft Intune.

You need to recommend the software that should be deployed to the domain, and the actions that should be performed in Intune.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 24

DRAG DROP -
You need to resolve the recent security incident issues.
What should you configure for each incident? To answer, drag the appropriate policy types to the correct issues. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Question 25

You have a Microsoft 365 tenant that uses the domain named fabrikam.com. The Guest invite settings for Azure Active Directory (Azure AD) are configured as shown in the exhibit. (Click the Exhibit tab.)

Page 1 of 16 • Questions 1-25 of 400

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

You have an Azure Active Directory (Azure AD) tenant that contains the following objects:
✑ A device named Device1
✑ Users named User1, User2, User3, User4, and User5
✑ Groups named Group1, Group2, Group3, Group4, and Group5
The groups are configured as shown in the following table.

To which groups can you assign a Microsoft Office 365 Enterprise E5 license directly?

A Group1 and Group4 only
B Group1, Group2, Group3, Group4, and Group5
C Group1 and Group2 only
D Group1 only
E Group1, Group2, Group4, and Group5 only

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure password writeback.
Does this meet the goal?

A Yes
B No

You configure cross-tenant synchronization from contoso.com to fabrikam.com by using the following settings:
• Users and groups: Group1
• Provisioning Mode: Automatic
• Attribute Mappings
o Source Object Scope: Filter1, Filter2

Filter1 is configured as shown in the following table.

Filter2 is configured as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You need to deploy Global Secure Access.

In which environments can you install the Global Secure Access client?

A Contractors, Developers, Frontline workers, Office staff, and Senior managers
B Frontline workers and Senior managers only
C Contractors and Office staff only
D Developers, Office staff, and Senior managers only

How many licenses are used if you assign the Microsoft 365 Enterprise E5 license to Group1?

A 0
B 2
C 3
D 4

All the users work remotely.
Azure AD Connect is configured in Azure AD as shown in the following exhibit.

Connectivity from the on-premises domain to the internet is lost.
Which users can sign in to Azure AD?

A User1 and User3 only
B User1 only
C User1, User2, and User3
D User1 and User2 only

You install Azure AD Connect. You configure the Domain and OU filtering settings as shown in the Domain and OU Filtering exhibit. (Click the Domain and OU
Filtering tab.)

You configure the Filter users and devices settings as shown in the Filter Users and Devices exhibit. (Click the Filter Users and Devices tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Which portal should you use to configure each user? To answer, drag the appropriate portals to the correct users. Each portal may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

You need to ensure that users can authenticate to Azure AD if a server fails.
On which server should you install an additional pass-through authentication agent?

A Server4
B Server2
C Server1
D Server3

A user named bsmith@fabrikam.com shares a Microsoft SharePoint Online document library to the users shown in the following table.

Which users will be emailed a passcode?

A User2 only
B User1 only
C User1 and User2 only
D User1, User2, and User3

SC-300Preview