Microsoft SC-300 Practice Test - Questions Answers, Page 23

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps and Conditional Access policies. You need to block access to cloud apps when a user is assessed as high risk.

Which type of policy should you create in the Microsoft Defender for Cloud Apps?

You plan to deploy a new Azure AD tenant.

Which multifactor authentication (MFA) method will be enabled by default for the tenant?

You have an Azure AD tenant that contains the users shown in the following table.

You need to compare the role permissions of each user. The solution must minimize administrative effort.

What should you use?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.

You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account.

You deploy an Azure subscription and enable Microsoft 365 Defender.

You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps.

Solution: From the Microsoft 365 Defender portal, you add the Google Workspace app connector.

Does this meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.

You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account.

You deploy an Azure subscription and enable Microsoft 365 Defender

You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps.

Solution: From the Microsoft 365 Defender portal, you add the Microsoft Azure app connector.

Does this meet the goal?

HOTSPOT

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the users shown in the following table.

The users have the devices shown in the following table.

You create the following two Conditional Access policies:

* Name: CAPolicy1

* Assignments

o Users or workload identities: Group 1

o Cloud apps or actions: Office 365 SharePoint Online

o Conditions

Filter for devices: Exclude filtered devices from the policy

Rule syntax: device.displayName -starts With 'Device*'

o Access controls

Grant: Block access

Session: 0 controls selected

o Enable policy: On

* Name: CAPolicy2

* Assignments

o Users or workload identities: Group2

o Cloud apps or actions: Office 365 SharePoint Online

o Conditions: 0 conditions selected

* Access controls

o Grant: Grant access

Require multifactor authentication

o Session:

0 controls selected

* Enable policy: On

All users confirm that they can successfully authenticate using MFA.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains an Azure Automation account named Automation1 and an Azure key vault named Vault1. Vault1 contains a secret named Secret 1.

You enable a system-assigned managed identity for Automation1.

You need to ensure that Automation! can read the contents of Secret1. The solution must meet the following requirements:

* Prevent Automation1 from accessing other secrets stored in Vault1.

* Follow the principle of least privilege.

What should you do?

You have three Azure subscriptions that are linked to a single Microsoft Entra tenant.

You need to evaluate and remediate the risks associated with highly privileged accounts. The solution must minimize administrative effort.

What should you use?

You have accounts for the following cloud platforms:

* Azure

* Alibaba Cloud

* Amazon Web Services (AWS)

* Google Cloud Platform (GCP)

You configure an A2ure subscription to use Microsoft Entra Permissions Management to manage the permissions in Azure only. Which additional cloud platforms can be managed by using Permissions Management?