最新 [2025年12月31日] Microsoft SC-300リアル試験問題集PDF
SC-300練習テスト問題は更新された346問題あります
Microsoft SC-300 認定試験は、Microsoft Azureでアイデンティティとアクセスのソリューションを管理する能力と知識を検証する、チャレンジングで報酬のある認定試験です。この認定試験は、Microsoftによって認められており、Azure ADおよび関連技術の設定と管理の実務経験を持つプロフェッショナルを対象としています。試験は、フィールドでの最新の技術、実践、トレンドをカバーしています。
Microsoft SC-300試験の準備をするために、候補者はAzure ADおよびAzureサービスで実践的な経験を積むことをお勧めします。 Microsoftは、候補者が試験の準備を支援するために、インストラクター主導のコース、自己ペースのオンライントレーニング、練習試験など、さまざまなトレーニングリソースを提供しています。 Microsoft SC-300試験に合格すると、IDとアクセス管理に関する候補者の専門知識を検証し、Microsoft AzureのIDソリューションとアクセスソリューションを効果的に管理する能力を実証します。この認定は雇用主によって高く評価されており、個人がクラウドベースのアイデンティティとアクセス管理の分野でキャリアを前進させるのに役立ちます。
Microsoft SC-300(Microsoft Identity and Access Administrator)認定試験は、Microsoft Azure Active Directory(AAD)およびMicrosoft 365のIDとアクセスの管理に関するIT専門家のスキルと知識をテストするように設計されています。管理者やセキュリティの専門家など、組織のアイデンティティとアクセスを管理する責任があります。この認定は、Microsoft環境でのIDおよびアクセス管理に関する専門知識を実証したいIT専門家にとって貴重な資産です。
質問 # 93
Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with Azure AD and contains the users shown in the following table.
In Azure AD Connect. Domain/OU Filtering is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 94
Drag and Drop Question
Your network contains an on-premises Active Directory domain named contoso.com that syncs with Microsoft Entra ID by using Microsoft Entra Connect. The domain contains the users shown in the following table.
From Active Directory Users and Computers, you add the following user:
- Name: User3
- UPN: [email protected]
- Proxy addresses: smtp: [email protected], smtp: [email protected]
From Active Directory Users and Computers, you update the proxyAddresses attribute for each user as shown in the following table.
You trigger a manual synchronization.
Which sync status will Microsoft Entra Connect sync return for each user? To answer, drag the appropriate status to the correct users. Each status may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 95
You need to sync the ADatum users. The solution must meet the technical requirements.
What should you do?
- A. From the Microsoft Azure Active Directory Connect wizard, select Change user sign-in.
- B. From the Microsoft Azure Active Directory Connect wizard, select Customize synchronization options.
- C. From PowerShell, run Start-ADSyncSyncCycle.
- D. From PowerShell, run Set-ADSyncScheduler.
正解:B
解説:
You need to select Customize synchronization options to configure Azure AD Connect to sync the Adatum organizational unit (OU).
Implement an identity management solution
Question Set 2
質問 # 96
You have a Microsoft 365 tenant that has 5,000 users. One hundred of the users are executives. The executives have a dedicated support team.
You need to ensure that the support team can reset passwords and manage multi-factor authentication (MFA) settings for only the executives. The solution must use the principle of least privilege.
Which object type and Azure Active Directory (Azure AD) role should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 97
Drag and Drop Question
Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com by using Azure AD Connect.
Attire AD Connect is installed on a server named Server1.
You deploy a new server named Server1 that runs Windows Server 2019.
You need to implement a failover server for Azure AD Connect. The solution must minimize how long it takes to fail over if Server1 fails.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
解説:
質問 # 98
You need to identify which roles to use for managing role assignments. The solution must meet the delegation requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
質問 # 99
You have a Microsoft 365 E5 subscription and an Azure subscription. You need to meet the following requirements:
* Ensure that users can sign in to Azure virtual machines by using their Microsoft 365 credentials.
* Delegate the ability to create new virtual machines.
What should you use for each requirement? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
正解:
解説:
質問 # 100
You need to meet the authentication requirements for leaked credentials.
What should you do?
- A. Enable password hash synchronization in Azure AD Connect.
- B. Configure an authentication method policy in Azure AD.
- C. Enable federation with PingFederate in Azure AD Connect.
- D. Configure Azure AD Password Protection.
正解:A
解説:
In SC-300, Azure AD Identity Protection is the prescribed control to "automatically detect and remediate externally leaked credentials." That specific user risk-Leaked credentials-relies on Microsoft comparing known breached username/password pairs with what Azure AD can evaluate. The study materials explain that Identity Protection "detects leaked credentials when Microsoft finds a match with the user's current credentials," and also note that password hash synchronization (PHS) can be enabled even if your sign-in method is Pass-through Authentication or federation. A common exam call-out is that without PHS, Azure AD has no hash to compare, so the leaked-credential signal is unavailable. Enabling PHS (you can keep PTA as the active sign-in method) allows Identity Protection to raise user risk and enforce policy actions such as require password change or block access. By contrast, Azure AD Password Protection addresses banned/weak passwords at change time, not breached-credential telemetry; federation choices (e.g., PingFederate) don't deliver the leaked-credential signal; and authentication method policy controls how users perform MFA (e.g., methods) rather than whether leaked credentials are detected. Therefore, to meet the requirement to
"automatically detect and remediate externally leaked credentials," the minimum correct step is to enable password hash synchronization while retaining PTA-exactly as recommended in SC-300 guidance.
質問 # 101
You have an Azure Active Directory (Azure AD) tenant that contains three users named User1, User1, and User3, You create a group named Group1. You add User2 and User3 to Group1.
You configure a role in Azure AD Privileged identity Management (PIM) as shown in the application administrator exhibit. (Click the application Administrator tab.)
Group1 is configured as the approver for the application administrator role.
You configure User2to be eligible for the application administrator role.
For User1, you add an assignment to the Application administrator role as shown in the Assignment exhibit.
(Click Assignment tab)
For each of the following statement, select Yes if the statement is true, Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 102
Hotspot Question
You have a Microsoft Entra tenant that has a Microsoft Entra ID P2 service plan. The tenant contains the users shown in the following table.
You have the Device settings shown in the following exhibit.
User1 has the devices shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise. select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 103
You have an Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.
For which groups can you create an access review?
- A. Group1 and Group2 only
- B. Group1, Group2, Group4, and Group5 only
- C. Group1 only
- D. Group1 and Group4 only
- E. Group1, Group2, Group3, Group4 and Group5
正解:B
解説:
You cannot create access reviews for device groups.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
質問 # 104
Your network contains an on-premises Active Directory Domain services (AD DS) domain that syncs with an Azure AD tenant. The AD DS domain contains the organizational units (OUs) shown in the following table.
You need to create a break-glass account named BreakGlass.
Where should you create BreakGlass, and which role should you assign to BreakGlass? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
質問 # 105
You have a Microsoft 365 E5 subscription. You need to perform the following tasks:
* Identify the locations and IP addresses used by Azure AD users to sign in
* Review the Azure AD security settings and identify improvement recommendations.
* Identify changes to Azure AD users or service principle.
What should you use for each task? To answer, drag the appropriate resources to the correct requirements. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
正解:
解説:
質問 # 106
You have a Microsoft 365 E5 subscription.
You need to create a dynamic user group that will include all the users that do NOT have a department defined in their user profile.
How should you complete the membership rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 107
You have a Microsoft Entra tenant that contains the users shown in the following table.
You have an administrative unit named Au1.Group1, User2, and User3are members of Au1.
User5 is assigned the User Administrator role for Au1.
For which users can User5 reset passwords?
- A. User3 and User4 only
- B. User1, User2, and User3
- C. User1 and User2 only
- D. User2 and User3 only
正解:D
質問 # 108
You have a Microsoft Entra tenant named contoso.com that contains an enterprise application named Appl.
A contractor uses the credentials of [email protected].
You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as user1 @outlook.com.
What should you do?
- A. Implement Microsoft Entra Connect sync.
- B. Run the New-Mglnvitation cmdlet
- C. Run the New-Mguser cmdlet
- D. Configure the External collaboration settings
正解:B
質問 # 109
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the users shown in the following table.
The users have the devices shown in the following table.
You create the following two Conditional Access policies:
* Name: CAPolicy1
* Assignments
o Users or workload identities: Group 1
o Cloud apps or actions: Office 365 SharePoint Online
o Conditions
Filter for devices: Exclude filtered devices from the policy
Rule syntax: device.displayName -starts With "Device*"
o Access controls
Grant: Block access
Session: 0 controls selected
o Enable policy: On
* Name: CAPolicy2
* Assignments
o Users or workload identities: Group2
o Cloud apps or actions: Office 365 SharePoint Online
o Conditions: 0 conditions selected
* Access controls
o Grant: Grant access
Require multifactor authentication
o Session:
0 controls selected
* Enable policy: On
All users confirm that they can successfully authenticate using MFA.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 110
You have an Azure AD tenant.
You need to bulk create 25 new user accounts by uploading a template file.
Which properties are required in the template file?
- A. Option D
- B. Option A
- C. Option B
- D. Option C
正解:C
質問 # 111
You have an Azure Active Directory (Azure AD) tenant that contains the following group:
Name: Group1
Members: User1, User2
Owner: User3
On January 15, 2021, you create an access review as shown in the exhibit. (Click theExhibittab.)
Users answer the Review1 question as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE:Each correct selection is worth one point.
正解:
解説:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/review-your-access
質問 # 112
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1. Site1 hosts PDF files.
You need to prevent users from printing the files directly from Site1.
Which type of policy should you create in the Microsoft Defender for Cloud Apps portal?
- A. access policy
- B. file policy
- C. session policy
- D. activity policy
正解:C
解説:
https://learn.microsoft.com/en-us/defender-cloud-apps/session-policy-aad
質問 # 113
Your company has an Azure Active Directory (Azure AD) tenant named contosri.com. The company has the business partners shown in the following table.
users can request access by using package 1.
Users at Fabrikam and Litware use ail then respective domain names for email addresses.
You plan to create an access package named packaqe1 that will be accessible only to the Fabrikam and Litware users.
You need to configure connected organizations for Fabrikam and litware so that any of their users can request access by using package1.
What is the minimum of connected organization that you should create.
- A. 0
- B. 1
- C. 2
- D. 3
正解:D
解説:
According to the official Microsoft SC-300: Microsoft Identity and Access Administrator Study Guide and Exam Ref SC-300 textbook, when configuring Entitlement Management in Azure AD Identity Governance
, connected organizations are used to define which external directories or domains are allowed to request access to specific access packages. A connected organization represents a single external organization whose users can be invited as guests (B2B collaboration users) or allowed to request access packages.
Each connected organization is identified by its verified domain names. For example, if you have two separate companies, Fabrikam, Inc. and Litware, Inc., and they each have distinct verified domains - fabrikam.com, adatum.com (for Fabrikam), and litwareinc.com, contoso.com (for Litware) - they must each be configured as separate connected organizations because connected organizations are defined at the organization level, not per domain.
Even though each organization may have multiple verified domains, the configuration treats all of an organization's verified domains as part of the same connected organization. Therefore, to allow users from both Fabrikam and Litware to request access to Package1, you must create two connected organizations - one for Fabrikam and one for Litware.
This behavior is confirmed in Microsoft documentation and training modules under "Manage connected organizations" in Azure AD Entitlement Management, which states that "each external organization that requires access must have its own connected organization entry, regardless of how many domains it owns."
質問 # 114
You have Microsoft Entra tenant that contains a group named Group3 and an administrative unit named Department1.
Department has the users shown in the Users exhibit. (Click the Users tab.)
Department1 has the groups shown in the Groups exhibit (Click the Groups tab.)
The User Administrator role assignments are shown in the Assignments exhibit. (Click the Assignments tab.)
The members of Group2 are shown in the Group2 exhibit. (Click the Group2 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Explanation:
質問 # 115
You have an Azure Active Directory (Azure AD) tenant that has an Azure Active Directory Premium Plan 2 license. The tenant contains the users shown in the following table.
You have the Device Settings shown in the following exhibit.
User1 has the devices shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
解説:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal
質問 # 116
......
Microsoft SC-300問題集で一発合格できる問題を試そう!:https://jp.fast2test.com/SC-300-premium-file.html
SC-300問題集を掴み取れ![最新2025]Microsoft試験問題を提供しています:https://drive.google.com/open?id=1Xq9Klb1SjylTGJtdA_Ll6hJJFVts8lZ1