SC-300 || Already Passed.
What kind of resources can employees sign in to with Azure AD? correct answers External and
internal resources
Microsoft 365, the Azure portal, and thousands of other SaaS applications are examples of ....
resources correct answers external
Apps on your corporate network and intranet, along with any cloud apps developed by your own
organization are examples of ... resources correct answers internal
Who is Azure AD intended for? correct answers 1) IT admins, 2) App developers, 3) Microsoft
365, Office 365, Azure, or Dynamics CRM Online subscribers
A few of the more important Azure AD roles correct answers 1) Global Admin, 2) User Admin,
3) Billing Admin
PIM (abbreviation) correct answers Privileged Identity Management
What does PIM allow you to do ? correct answers to configure the user eligibility to be elevated
just-in-time into a role
How do custom Azure AD roles differ from built-in ones? correct answers can be assigned at the
scope of a single AAD resource
Who can manage domains in Azure AD? correct answers Global Admins
How many domain names can you add to AAD? correct answers up to 900
TRUE / FALSE: Changing the primary domain names for your organization changes the user
name for existing users correct answers FALSE
How do you add subdomains of a custom domain? correct answers when the root domains is
added, the subdomain is automatically verified by Azure AD.
How do you verify a subdomain in a different Azure AD organization? correct answers by
adding a TXT record in the DNS hosting provider.
What to keep in mind when deleting a custom domain name correct answers ensure that no
resources in your organization rely on the domain name (user names, group addresses,
application ID URIs)
What does ForceDelete do? correct answers update all references from the custom to the default
domain using an asynchronous operation.
,Requirements ForceDelete correct answers 1) < 1000 references to the domain name, any
references where Exchange is the provisioning service must be updates or removed
When can you expect an error with ForceDelete? correct answers 1) Number of objects > 1000,
2) One of the apps is a multi-tenant app
What is the goal of Azure AD registered devices ? correct answers to provide your users with
support for the BYOD and mobile device scenarios.
How can admins secure and further control Azure AD registered devices by using MDM? correct
answers enforce organization-required configurations .
How can Azure Ad registration be accomplished? correct answers when accessing a work
application for the first time or manually using the Windows 10 Settings menu.
What is Azure AD join intended for? correct answers organizations that want to be cloud-first or
cloud-only.
How can Azure AD join be accomplished? correct answers using self-service options like
OOBE, bulk enrollment, or Windows Autopilot.
Self-service experience (Azure AD join) enables you to correct answers distribute shrink-
wrapped devices to your employees
What are Hybrid Azure AD joined devices? correct answers devices that are joined with your on-
prem AD and registered with your Azure AD.
What are Administrative Units? correct answers resources that can be containers for other Azure
AD resources.
What can administrative units contain? correct answers users and groups.
What do Administrative Units do? correct answers restrict permissions in a role to any portion of
your organization that you define.
How can you manage Administrative Units? correct answers the Azure portal, PowerShell
cmdlets and scripts, or Microsoft Graph.
What criteria should be evaluated for each task (in relation to roles)? correct answers frequency,
importance, and difficulty
Which are the most privileged application administrator roles? correct answers 1) Application
Administrator, 2) Cloud Application Administrator
When to assign ownership to individual enterprise applications correct answers for even finer-
grained app access delegation
, What default permissions are given to members of an Azure AD? correct answers register
applications, manage profile photo and mobile number, change password, invite B2B guests,
read all directory information
What default permissions are given to guest users? correct answers manage their own profile,
change their password and retrieve some info about other users, groups and apps, invite other
guests.
Why allow sign in with LinkedIn on Azure AD? correct answers 1) allow members without
having to need a new account, 2) minimize costs and time associated with implementing your
own login etc., 3) personalize your sites and applications with the latest member profiles
Preconfigured security settings to help protect your organization are correct answers 1) require
users to register for Azure AD Multi-Factor Auth, 2) Require admins to perform multi-factor
authentication, 3) block legacy authentication protocols, 4) require users to perform MFA when
necessary, 5) protect privileged activities like access to the Azure portal
In which 3 ways are users defined in AAD? correct answers 1) Cloud identities, 2) Directory-
synchronized identities, 3) Guest users
What is/are the source(s) for Cloud identities? correct answers 1) Azure Active Directory, or 2)
External Azure Active Directory
What is/are the source(s) for Directory-synchronized identities? correct answers Windows Server
AD
What is/are the source(s) for Guest users? correct answers Invited user
User groups lets the .... assign a set of access permissions to all the members of a group correct
answers resource owner of AAD directory owner
Which two types of groups does Azure AD allow you to define? correct answers 1) Security
Groups, 2) Microsoft 365 groups
What are Security Groups used for in Azure AD? correct answers to manage member and
computer access to shared resources
What are Microsoft 365 groups used for in Azure AD? correct answers provide collaboration
opportunities by giving members access to shared services.
Who can define a Security Group in Azure AD? correct answers Azure AD admins
Who can define a Microsoft 365 group? correct answers users and admins
What kind of resources can employees sign in to with Azure AD? correct answers External and
internal resources
Microsoft 365, the Azure portal, and thousands of other SaaS applications are examples of ....
resources correct answers external
Apps on your corporate network and intranet, along with any cloud apps developed by your own
organization are examples of ... resources correct answers internal
Who is Azure AD intended for? correct answers 1) IT admins, 2) App developers, 3) Microsoft
365, Office 365, Azure, or Dynamics CRM Online subscribers
A few of the more important Azure AD roles correct answers 1) Global Admin, 2) User Admin,
3) Billing Admin
PIM (abbreviation) correct answers Privileged Identity Management
What does PIM allow you to do ? correct answers to configure the user eligibility to be elevated
just-in-time into a role
How do custom Azure AD roles differ from built-in ones? correct answers can be assigned at the
scope of a single AAD resource
Who can manage domains in Azure AD? correct answers Global Admins
How many domain names can you add to AAD? correct answers up to 900
TRUE / FALSE: Changing the primary domain names for your organization changes the user
name for existing users correct answers FALSE
How do you add subdomains of a custom domain? correct answers when the root domains is
added, the subdomain is automatically verified by Azure AD.
How do you verify a subdomain in a different Azure AD organization? correct answers by
adding a TXT record in the DNS hosting provider.
What to keep in mind when deleting a custom domain name correct answers ensure that no
resources in your organization rely on the domain name (user names, group addresses,
application ID URIs)
What does ForceDelete do? correct answers update all references from the custom to the default
domain using an asynchronous operation.
,Requirements ForceDelete correct answers 1) < 1000 references to the domain name, any
references where Exchange is the provisioning service must be updates or removed
When can you expect an error with ForceDelete? correct answers 1) Number of objects > 1000,
2) One of the apps is a multi-tenant app
What is the goal of Azure AD registered devices ? correct answers to provide your users with
support for the BYOD and mobile device scenarios.
How can admins secure and further control Azure AD registered devices by using MDM? correct
answers enforce organization-required configurations .
How can Azure Ad registration be accomplished? correct answers when accessing a work
application for the first time or manually using the Windows 10 Settings menu.
What is Azure AD join intended for? correct answers organizations that want to be cloud-first or
cloud-only.
How can Azure AD join be accomplished? correct answers using self-service options like
OOBE, bulk enrollment, or Windows Autopilot.
Self-service experience (Azure AD join) enables you to correct answers distribute shrink-
wrapped devices to your employees
What are Hybrid Azure AD joined devices? correct answers devices that are joined with your on-
prem AD and registered with your Azure AD.
What are Administrative Units? correct answers resources that can be containers for other Azure
AD resources.
What can administrative units contain? correct answers users and groups.
What do Administrative Units do? correct answers restrict permissions in a role to any portion of
your organization that you define.
How can you manage Administrative Units? correct answers the Azure portal, PowerShell
cmdlets and scripts, or Microsoft Graph.
What criteria should be evaluated for each task (in relation to roles)? correct answers frequency,
importance, and difficulty
Which are the most privileged application administrator roles? correct answers 1) Application
Administrator, 2) Cloud Application Administrator
When to assign ownership to individual enterprise applications correct answers for even finer-
grained app access delegation
, What default permissions are given to members of an Azure AD? correct answers register
applications, manage profile photo and mobile number, change password, invite B2B guests,
read all directory information
What default permissions are given to guest users? correct answers manage their own profile,
change their password and retrieve some info about other users, groups and apps, invite other
guests.
Why allow sign in with LinkedIn on Azure AD? correct answers 1) allow members without
having to need a new account, 2) minimize costs and time associated with implementing your
own login etc., 3) personalize your sites and applications with the latest member profiles
Preconfigured security settings to help protect your organization are correct answers 1) require
users to register for Azure AD Multi-Factor Auth, 2) Require admins to perform multi-factor
authentication, 3) block legacy authentication protocols, 4) require users to perform MFA when
necessary, 5) protect privileged activities like access to the Azure portal
In which 3 ways are users defined in AAD? correct answers 1) Cloud identities, 2) Directory-
synchronized identities, 3) Guest users
What is/are the source(s) for Cloud identities? correct answers 1) Azure Active Directory, or 2)
External Azure Active Directory
What is/are the source(s) for Directory-synchronized identities? correct answers Windows Server
AD
What is/are the source(s) for Guest users? correct answers Invited user
User groups lets the .... assign a set of access permissions to all the members of a group correct
answers resource owner of AAD directory owner
Which two types of groups does Azure AD allow you to define? correct answers 1) Security
Groups, 2) Microsoft 365 groups
What are Security Groups used for in Azure AD? correct answers to manage member and
computer access to shared resources
What are Microsoft 365 groups used for in Azure AD? correct answers provide collaboration
opportunities by giving members access to shared services.
Who can define a Security Group in Azure AD? correct answers Azure AD admins
Who can define a Microsoft 365 group? correct answers users and admins
