 

Microsoft - SC-300: Microsoft Identity and Access Administrator

Sample Questions

Question: 261
Measured Skill: Implement and manage user identities (20–25%)

You have a Microsoft Entra ID tenant that contains the external user shown in the following exhibit.



You update the email address of the user.

You need to ensure that the user can authenticate by using the updated email address.

What should you do for the user?

A Modify the Authentication methods settings.
B Reset the password.
C Revoke the active sessions.
D Reset the redemption status.

Correct answer: D

Explanation:

There might be times when you'll need to update the sign-in information for an external B2B collaboration guest user, for example when:

  • The user wants to sign in using a different email and identity provider
  • The account for the user in their home tenant has been deleted and re-created
  • The user has moved to a different company, but they still need the same access to your resources
  • The user’s responsibilities have been passed along to another user

To manage these scenarios previously, you had to manually delete the guest user’s account from your directory and reinvite the user. Now you can use the Microsoft Entra admin center, PowerShell or the Microsoft Graph invitation API to reset the user's redemption status and reinvite the user while keeping the user's object ID, group memberships, and app assignments. When the user redeems the new invitation, the UserPrincipalName (UPN) of the user doesn't change, but the user's sign-in name changes to the new email. Then the user can sign in using the new email or an email you've added to the otherMails property of the user object.

Reference: Reset redemption status for a guest user



Question: 262
Measured Skill: Implement and manage user identities (20–25%)

You have a Microsoft Entra ID tenant.

You need to ensure that only users from specific external domains can be invited as guests to the tenant.

Which settings should you configure?

A External collaboration settings
B All identity providers
C Cross-tenant access settings
D Linked subscriptions

Correct answer: A

Explanation:

External collaboration settings let you specify what roles in your organization can invite external users for B2B collaboration. These settings also include options for allowing or blocking specific domains, and options for restricting what external guest users can see in your Microsoft Entra directory. The following options are available:

  • Determine guest user access: Microsoft Entra External ID allows you to restrict what external guest users can see in your Microsoft Entra directory. For example, you can limit guest users' view of group memberships, or allow guests to view only their own profile information.

  • Specify who can invite guests: By default, all users in your organization, including B2B collaboration guest users, can invite external users to B2B collaboration. If you want to limit the ability to send invitations, you can turn invitations on or off for everyone, or limit invitations to certain roles.

  • Enable guest self-service sign-up via user flows: For applications you build, you can create user flows that allow a user to sign up for an app and create a new guest account. You can enable the feature in your external collaboration settings, and then add a self-service sign-up user flow to your app.

  • Allow or block domains: You can use collaboration restrictions to allow or deny invitations to the domains you specify.

B2B collaboration can be configured from the external collaboration settings.

Reference: Configure external collaboration settings



Question: 263
Measured Skill: Implement authentication and access management (25–30%)

You have an Azure subscription that contains the resources shown in the following table.



The subscription contains the virtual machines shown in the following table.



Which identities can be assigned the Owner role for RG1, and to which virtual machines can you assign Managed2?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)


A Identities that can have the Owner role assigned: Managed1 only
Virtual machines that can have Managed2 assigned: VM1, VM2, and VM4 only
B Identities that can have the Owner role assigned: Managed1, VM1, and VM3 only
Virtual machines that can have Managed2 assigned: VM2 and VM4 only
C Identities that can have the Owner role assigned: Managed1, Managed2, and VM1 only
Virtual machines that can have Managed2 assigned: VM1, VM2, and VM4 only
D Identities that can have the Owner role assigned: Managed1, Managed2, VM1, and VM2 only
Virtual machines that can have Managed2 assigned: VM1, VM2, VM3, and VM4
E Identities that can have the Owner role assigned: Managed1, Managed2, VM1, VM2, and VM3
Virtual machines that can have Managed2 assigned: VM1, VM2, VM3, and VM4
F Identities that can have the Owner role assigned: Managed1, Managed2, VM1, VM2, and VM3
Virtual machines that can have Managed2 assigned: VM4 only

Correct answer: D

Explanation:

Managed identities for Azure resources can be used to authenticate to services that support Microsoft Entra authentication. Both system assigned managed identities and user assigned managed identities support assigning role-based access control (RBAC) roles to grant permissions.

You can use user assigned managed identities in more than one Azure region. While user assigned managed identities are created as regional resources, the associated service principal (SP) created in Microsoft Entra ID is available globally. The service principal can be used from any Azure region, and its availability is dependent on the availability of Microsoft Entra ID. For example, if you created a user assigned managed identity in the South-Central region and that region becomes unavailable, this issue only impacts control plane activities on the managed identity itself. The activities performed by any resources already configured to use the managed identities wouldn't be impacted.

Resources that support managed identities can have both a system-assigned identity and one or more user-assigned identities assigned.

References:

Which operations can I perform on managed identities?

Can the same managed identity be used across multiple regions?



Question: 264
Measured Skill: Plan and implement identity governance (20–25%)

You have an Azure subscription that contains the users shown in the following table.



You need to implement Microsoft Entra Privileged Identity Management (PIM).

Which users can use PIM to activate their role permissions?

A Admin1 only
B Admin2 only
C Admin3 only
D Admin1 and Admin2 only
E Admin2 and Admin3 only
F Admin1, Admin2, and Admin3

Correct answer: C

Explanation:

You can manage just-in-time assignments to all Microsoft Entra roles and all Azure roles using Privileged Identity Management (PIM) in Microsoft Entra ID. Azure roles include built-in and custom roles attached to your management groups, subscriptions, resource groups, and resources. However, there are a few roles that you can't manage.

You cannot manage the following classic subscription administrator roles in Privileged Identity Management:

  • Account Administrator
  • Service Administrator
  • Co-Administrator

Reference: Roles you can't manage in Privileged Identity Management



Question: 265
Measured Skill: Plan and implement workload identities (20–25%)

You have a Microsoft Entra ID tenant.

You perform the tasks shown in the following table.



On April 5, an administrator deletes App1, App2, App3, and App4.

You need to restore the apps and the settings.

Which apps can you restore on April 16, and which settings can you restore for App4 on April 16?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)


A Apps: No apps
App4 settings: No settings
B Apps: App4 only
App4 settings: Users and groups and Self-service only
C Apps: App3 and App4 only
App4 settings: Self-service only
D Apps: App2, App3, and App4 only
App4 settings: App roles and Client secret only
E Apps: App1, App2, App3, and App4
App4 settings: No settings
F Apps: App1, App2, App3, and App4
App4 settings: App roles, Users and groups, Client secret, and Self-service

Correct answer: F

Explanation:

After you delete an app registration, the app remains in a suspended state for 30 days. During that 30-day window, the app registration can be restored, along with all its properties. After that 30-day window passes, app registrations can't be restored, and the permanent deletion process may be automatically started. This functionality only applies to applications associated to a directory. It isn't available for applications from a personal Microsoft account, which can't be restored.

You can view your deleted applications, restore a deleted application, or permanently delete an application using Identity > Applications > App registrations in the Microsoft Entra admin center.

Neither you nor Microsoft customer support can restore a permanently deleted application or an application deleted more than 30 days ago.

Reference: Restore or remove a recently deleted application with the Microsoft identity platform





 
 
 

© Copyright 2014 - 2024 by cert2brain.com