Skip to main content
Cybersecurity ⭐ Premium ⭐ Featured

Microsoft Identity and Access Administrator (SC-300)

By Webmaster Certland English 📝 340 questions ❤️ 0 likes

Practice exam for the Microsoft Identity and Access Administrator Associate (SC-300) certification. Covers user identity management, authentication and access management, workload identities, and identity governance.

⭐ Premium Updated Mar 2026

Unlock all 340 Microsoft Identity and Access Administrator (SC-300) questions

Full simulation · Detailed explanations · Unlimited attempts

  • 340 questions — ~5 full-length simulations
  • Detailed explanations — why each answer is right or wrong
  • Unlimited attempts — retake as many times as needed
  • Smart Practice + Focus Mode + no ads
340
Questions
All certifications
from $4.90/mo
⭐ Get Premium — $4.90/mo ▶ Try 5 questions free

Sample Questions — Microsoft Identity and Access Administrator (SC-300)

5 free sample questions from this practice exam. Correct answers are highlighted.

1. A company has a Microsoft Entra ID tenant and wants to allow users to sign in with a domain name that matches their corporate email addresses. The current tenant only has the default .onmicrosoft.com domain. What must the administrator do first?

A Purchase the domain name through the Microsoft 365 admin center and it will automatically be added to the Entra ID tenant
B Add the custom domain name in Microsoft Entra ID and verify ownership by adding a DNS TXT record at the domain registrar ✓ Correct
C Assign the User Administrator role to a user and have them configure the custom domain in Entra ID settings
D Create a new Microsoft Entra ID tenant with the desired domain name as the initial domain

2. An identity administrator needs to compare Microsoft Entra ID Free versus Microsoft Entra ID P2. Which feature is available ONLY in Microsoft Entra ID P2?

A Self-service password reset for all cloud users
B Conditional Access policies for enforcing MFA
C Privileged Identity Management for just-in-time role activation ✓ Correct
D Group-based licensing assignment

3. A company wants to prevent MFA fatigue attacks where users receive repeated Microsoft Authenticator push notification requests and accidentally approve them. Which Microsoft Authenticator feature should the administrator enable to mitigate this risk?

A Enable additional context in the Authenticator push notification to show the app name and location
B Enable number matching in the Microsoft Authenticator authentication method policy ✓ Correct
C Configure per-user MFA in the legacy MFA portal with fraud alert enabled
D Deploy FIDO2 security keys as the primary authentication method instead of push notifications

4. An organization wants to allow a specific group of users to self-register FIDO2 security keys as a passwordless authentication method. Users in the 'SecurityKeyUsers' group should be able to register FIDO2 keys, while other users should not. How should the administrator configure this?

A Enable FIDO2 security key in the legacy per-user MFA portal and add the SecurityKeyUsers group to the allowed list
B Create a Conditional Access policy requiring FIDO2 authentication strength for the SecurityKeyUsers group to encourage registration
C In the Authentication Methods policy, enable FIDO2 Security Key and configure the target group to include only the SecurityKeyUsers group ✓ Correct
D Configure device registration settings in Microsoft Entra ID to allow FIDO2 key registration for the SecurityKeyUsers group only

5. An organization wants to use Azure Lighthouse to allow a Managed Security Service Provider (MSSP) to manage security operations across multiple customer Azure subscriptions. What must the MSSP and each customer configure for this delegated access?

A Create B2B guest accounts for each MSSP employee in every customer's Entra ID tenant and assign appropriate RBAC roles
B Register service principals in each customer's Azure tenant with credentials shared to the MSSP's management systems
C Establish AD FS trust relationships between the MSSP's Entra ID tenant and each customer's Entra ID tenant
D Each customer deploys an ARM template (Azure Lighthouse onboarding template) defining the MSSP's tenant, specific groups/users, and the RBAC roles to delegate ✓ Correct

Want to test yourself for real?

Create a free account and run our exam simulation engine.

Free No credit card
  • Simulation engine
  • Up to 10 questions per attempt
  • Score & basic stats
Create free account Already have an account? Sign in
Best
Premium Premium
  • All 340 questions
  • Detailed explanations
  • Smart Practice + Focus Mode
⭐ Get Premium

Information

Questions 340
Time 2h
Difficulty Medium
Minimum Score 70.00%
▶ Try 5 questions — no account needed ⭐ Unlock all questions — Premium 🤍 Like

💰 ROI

Official exam $165.00
CertLand $4.90/mo
Prepare for $165 for less than a coffee/mo

Study Guides & Articles

Free

How to Pass Microsoft Identity and Access Administrator (SC-300) in 2026: Complete Study Guide

Complete SC-300 study guide covering exam format, all four domains, key concepts, and a 6-week plan to pass Microsoft Identity and Access Administrator in 2026.
⭐ Premium

SC-300 Deep Dive: Entra ID Conditional Access, PIM, and Entitlement Management

Master the hardest SC-300 topics: Conditional Access policy conditions and controls, PIM activation workflows, access review configurations, and Entitlement Management end-to-end.
⭐ Premium

SC-300 Exam Traps: Conditional Access Gaps, Managed Identities, and App Registrations

Avoid the most dangerous SC-300 exam traps: app registration vs enterprise app, system-assigned vs user-assigned managed identities, legacy auth bypasses, and Entra Connect vs Cloud Sync.

Related Exams

⭐ Premium

ISACA CISA — Certified Information Systems Auditor

340 questions · English
⭐ Premium

Cisco CyberOps Associate (200-201 CBROPS)

340 questions · English
⭐ Premium

Microsoft Azure Security Technologies (AZ-500)

340 questions · English
⭐ Premium

ISC2 Certified in Cybersecurity (CC)

340 questions · English

Discussion

No comments yet. Be the first to start the discussion!

Sign in to join the discussion.