SC-300 practice test

SC-300 Practice Test, Practice Exam and Questions for the Microsoft Identity and Access Administrator Certification

Upload your Microsoft Entra notes, and the AI writes unlimited SC-300 practice questions with an answer key in seconds. Weighted to the four domains Microsoft actually publishes for the identity exam.

Your study files are processed securely and deleted automatically after your practice questions are built.

Upload your SC-300 or Entra notes and generate your first question set

Click to upload or drag and drop

PDF, DOCX, PPTX, TXT, JPG, JPEG, PNG, HEIC, ODP, ODT, BMP, or TIFF

up to 20MB

Please wait, your quiz is being created...

Uploading...

SC-300 is Microsoft Identity and Access Administrator, and it earns the Identity and Access Administrator Associate certification. It has four domains: implement and manage user identities (20 to 25 percent), implement authentication and access management (25 to 30 percent, the biggest), plan and implement workload identities (20 to 25 percent), and plan and automate identity governance (20 to 25 percent). Skills are stamped as of April 27, 2026. You need 700 out of 1000. The single most useful fact: SC-300 is the most Entra-dense outline Microsoft publishes. The word Entra appears 28 times in its skills-measured section, more than twice as often as in SC-900, and Microsoft Sentinel appears zero times. This exam is identity plumbing, not incident response.

Last updated July 2026

SC-300 is the Entra exam. You can prove it by counting words.

Microsoft's security track has three exams that people constantly mix up. The fastest way to tell them apart is to count product names in the official skills-measured outlines, which is exactly what we did. The counts below come straight from the current study guides on Microsoft Learn.

Term in the official outline SC-300 (identity) SC-900 (fundamentals) SC-200 (sec ops) What it tells you
Entra2812low single digitsSC-300 is the Entra exam, by a wide margin
Conditional Access91low single digitsA full functional group on SC-300, a mention on SC-900
Sentinel0216Incident response lives on SC-200, not here
Defender3820SC-300 touches only Defender for Cloud Apps
Copilot / agent00presentSC-300 is untouched by the AI wave so far
PIM500Privileged Identity Management is examined only here

The SC-300 outline runs about 893 words, one of the longest in the security track, and nearly every bullet starts with configure, implement or manage. This is not a describe-level exam. It expects you to have built Conditional Access policies, wired up Entra Connect Sync, registered applications and run access reviews, or at least to have drilled those workflows until you can answer scenario questions about them cold.

That is where question drilling earns its keep. You can generate practice questions from your own Entra notes and weight them to the four real domains rather than whatever a generic bank happens to cover.

Passing score
700 / 1000
Domains
4
Entra mentions in the outline
28
Practice questions
Unlimited

SC-300 skills measured, straight from Microsoft's study guide

Four domains, and none is worth less than 20 percent. The two that sink working admins are the last two, because they cover the parts of Entra most tenants set up once and never touch again.

Domain What is actually in it Weight
Implement and manage user identitiesTenant configuration, built-in and custom Entra roles, administrative units, users, groups, custom security attributes, licensing, and device join. Then external identities: B2B invitations, cross-tenant access and synchronization, SAML and WS-Fed identity providers. Then hybrid: Entra Connect Sync, Cloud Sync, password hash sync, pass-through authentication, seamless SSO and migrating off AD FS.20 to 25%
Implement authentication and access managementThe biggest domain. Authentication methods including certificate-based auth, Temporary Access Pass, Microsoft Authenticator and passkeys (FIDO2), tenant-wide MFA, SSPR, Windows Hello for Business and Entra password protection. Then Conditional Access end to end: assignments, controls, session management, continuous access evaluation, authentication context and protected actions. Then Entra ID Protection for user, sign-in and workload identity risk, and Global Secure Access with Private Access and Internet Access.25 to 30%
Plan and implement workload identitiesManaged identities versus service principals versus service accounts, and assigning them to Azure resources. Enterprise application integration: settings, roles, consent, Application Proxy for on-premises apps and SaaS integration. App registrations: authentication, API permissions and app roles. Closes with Defender for Cloud Apps: cloud discovery, connected apps, app control policies and OAuth app policies.20 to 25%
Plan and automate identity governanceEntitlement management with catalogs, access packages and connected organizations. Access reviews from planning to remediation. Privileged access: PIM for Entra roles, Azure resources and groups, the approval process, audit history and break-glass accounts. Ends with monitoring: sign-in, audit and provisioning logs, Log Analytics with KQL, workbooks and Identity Secure Score.20 to 25%

One honesty note you will not find on other prep sites: Microsoft's own study guide currently lists the authentication domain at 25 to 30 percent in its skills-at-a-glance summary and 20 to 25 percent in the section heading below it. The two numbers sit on the same page. We show the at-a-glance figure because it is the canonical summary, but either way the practical guidance is identical: this domain is the biggest, and Conditional Access is its center of gravity.

Weights and bullets are current as of the study-guide version stamped April 27, 2026. Microsoft publishes no question count for SC-300 and no pass rate for any exam. Its general guidance is that most exams contain 40 to 60 questions. The passing score is 700 on a scale of 1 to 1000, and Microsoft notes a scaled score may not equal 70 percent of the points.

SC-300 or SC-200: pick by what you do at 9am, not by the number

Both are associate-level security exams, and the numbering tells you nothing. The boundary between them is the boundary between building the locks and watching the cameras.

Question SC-300 SC-200
What is the job?Identity and access administrationSecurity operations and incident response
Core productsEntra ID, Conditional Access, PIM, entitlement managementMicrosoft Defender XDR, Microsoft Sentinel, KQL hunting
Typical daily taskDesign a Conditional Access policy, run an access review, fix Connect SyncTriage an incident, write a detection rule, hunt with KQL
AI content on the examNone. Copilot and agents appear zero times in the outlineYes. SC-200 examines Security Copilot and agentic features
Where to prepThis pageSC-200 practice test

If you are earlier in your path and want the gentle on-ramp first, SC-900 is the security fundamentals exam: describe-level, confirmed at $99 in Microsoft's pricing feed, and no prerequisite for anything. SC-300 has no prerequisite either, so working admins can skip straight to it.

How to build SC-300 practice questions that match the real blueprint

Entra renames and reshuffles features constantly. Build from current material, and spend your drilling time where the outline says the points are.

1
Upload current material
The SC-300 study guide, Microsoft Learn Entra modules, or your own tenant runbooks. Anything that still says "Azure AD" is old enough to double-check.
2
Over-drill Conditional Access
Nine mentions in the outline and the heart of the biggest domain. Practice assignments, controls, session management, authentication context and troubleshooting as separate question sets.
3
Do not skip governance
Entitlement management, access reviews and PIM are a fifth to a quarter of the paper, and they are the features most admins have configured least. That is exactly where scenario questions live.
4
Drill the new bullets
Passkeys (FIDO2), Temporary Access Pass, continuous access evaluation, protected actions and Global Secure Access are all named in the current outline. Older prep material predates several of them.

Should you take SC-300?

Identity is the part of Microsoft security that every other part depends on, which is why this certification holds its value. Here is the honest read by situation.

Your situation What to do
You administer an Entra tenant todaySC-300 is your exam and you are closer than you think. Your gaps are almost certainly governance (PIM, access reviews, entitlement management) and workload identities, not the daily user-management material. Weight your practice bank toward those two domains.
You work in a SOCTake SC-200 instead. Sentinel appears 16 times on that outline and zero times here.
You are new to Microsoft securityStart with SC-900, the fundamentals exam, confirmed at $99. Then come back: identity administration is the most natural next step because SC-900's largest domain is already Entra capabilities.
You are a developer who owns app registrationsSC-300's workload identities domain (20 to 25 percent) is written for you: managed identities, service principals, app registrations, API permissions and consent. The rest of the exam is learnable from the outline.
You hold the older Azure security pathCheck what is current before you renew anything. Microsoft has retired several exams recently, and the security and Azure ladders were both reshaped. Our certification exam generator works from whatever current study guide you upload.

SC-300 questions, answered

What is Exam SC-300?
SC-300 is Microsoft Identity and Access Administrator. It earns the Microsoft Certified: Identity and Access Administrator Associate certification. It covers Microsoft Entra ID end to end: user and hybrid identities, authentication and Conditional Access, workload identities and app registrations, and identity governance with entitlement management, access reviews and PIM. Its skills are stamped as of April 27, 2026.
What are the SC-300 domain weights?
Four domains: implement and manage user identities at 20 to 25 percent, implement authentication and access management at 25 to 30 percent, plan and implement workload identities at 20 to 25 percent, and plan and automate identity governance at 20 to 25 percent. Authentication and access management is the largest domain in the skills-at-a-glance list of Microsoft's current study guide.
Is SC-300 hard?
SC-300 is considered one of the more hands-on Microsoft associate exams because nearly every bullet in the outline starts with configure, implement or manage rather than describe. It is also close to flat: no domain is worth less than 20 percent, so you cannot safely skip governance or workload identities, the two areas most admins have the least daily contact with.
How much does the SC-300 exam cost?
Microsoft does not list SC-300 in its published exam pricing feed, so no honest source can quote you a confirmed SC-300 fee. Associate-level Microsoft exams have generally been $165 in the United States, so that is the reasonable expectation, but confirm the price at checkout before you book. Treat any site stating a firm SC-300 price as guessing.
How many questions are on the SC-300 exam?
Microsoft publishes no question count for SC-300, and it publishes no pass rate for any of its exams. Its general guidance is that most exams contain 40 to 60 questions. The passing score is 700 on a scale of 1 to 1000, and Microsoft notes that a scaled score may not equal 70 percent of the points. Any site quoting an exact SC-300 question count or a pass percentage invented it.
What is the difference between SC-300 and SC-200?
SC-300 is the identity administration exam and SC-200 is the security operations exam. The split is visible in the official outlines: Microsoft Sentinel appears 16 times in SC-200 and zero times in SC-300, while Entra appears 28 times in SC-300. If you build Conditional Access policies and manage app registrations, SC-300 is your exam. If you investigate incidents in Defender and Sentinel, take SC-200.
Do I need SC-900 before SC-300?
No. SC-300 has no prerequisite. SC-900 is the optional security fundamentals exam, and it is a gentler on-ramp: its outline names Entra 12 times at a describe level, while SC-300 names Entra 28 times and expects you to configure it. If you already administer a tenant, you can go straight to SC-300.

PDFQuiz is not affiliated with, endorsed by, or sponsored by Microsoft. Microsoft, Microsoft Entra, Azure and Microsoft Sentinel are trademarks of the Microsoft group of companies. This generator builds practice questions from material you upload and is a study aid, not a substitute for Microsoft's official learning paths. Entra changes quickly: always confirm the current skills-measured document before you book.

Related study tools

The fundamentals on-ramp to this exam is SC-900, and the security-operations sibling is SC-200. To understand how those two differ, read SC-900 vs SC-200. If your work is broader Azure administration rather than identity, AZ-104 is the Azure administrator exam. For any source document at all, use the certification exam generator.

Build your first SC-300 practice set

Upload your Microsoft Entra notes and generate exam-style questions with an answer key in under a minute.

Z tej samej rodziny narzędzi