ExamGecko
Search Search Login
Home Home / Microsoft / SC-300
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have an Azure subscription. You need to use Microsoft Entra Permissions Management to automatically monitor permissions and create and implement right-size roles. The solution must follow the principle of least privilege. Which role should you assign to the service principal of Permissions Management?
SIMULATION 8 You need to prevent all users from using legacy authentication protocols when authenticating to Microsoft Entra ID.
SIMULATION 4 You need to ensure that all users can consent to apps that require permission to read their user profile. Users must be prevented from consenting to apps that require any other permissions.
HOTSPOT Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table. You install Azure AD Connect. You configure the Domain and OU filtering settings as shown in the Domain and OU Filtering exhibit. (Click the Domain and OU Filtering tab.) You configure the Filter users and devices settings as shown in the Filter Users and Devices exhibit. (Click the Filter Users and Devices tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No. A. B. C. D.
Your company has an Azure Active Directory (Azure AD) tenant named contosri.com. The company has the business partners shown in the following table. users can request access by using package 1. Users at Fabrikam and Litware use ail then respective domain names for email addresses. You plan to create an access package named packaqel that will be accessible only to the Fabrikam and Litware users. You need to configure connected organizations for Fabrikam and litware so that any of their users can request access by using package1. What is the minimum of connected organization that you should create.
HOTSPOT Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table. You install Azure AD Connect. You configure the Domain and OU filtering settings as shown in the Domain and OU Filtering exhibit. (Click the Domain and OU Filtering tab.) You configure the Filter users and devices settings as shown in the Filter Users and Devices exhibit. (Click the Filter Users and Devices tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.
HOTSPOT You have an Azure subscription that contains the key vaults shown in the following table. The subscription contains the users shown in the following table. On June1, Admin4 performs the following actions: • Deletes a certificate named Certificate! from Key Vault1 • Deletes a secret named Secret1 from KeyVault2 For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Your company requires that users request access before they can access corporate applications. You register a new enterprise application named MyApp1 in Azure Active Dilatory (Azure AD) and configure single sign-on (SSO) for MyApp1. Which settings should you configure next for MyApp1?
SIMULATION 2 You need to implement a process to review guest users who have access to the Salesforce app. The review must meet the following requirements: * The reviews must occur monthly. * The manager of each guest user must review the access. * If the reviews are NOT completed within five days, access must be removed. * If the guest user does not have a manager, Megan Bowen must review the access.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen. You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account. You deploy an Azure subscription and enable Microsoft 365 Defender. You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps. Solution: From the Microsoft 365 Defender portal, you add the Amazon Web Services app connector. Does this meet the goal?

Question 268 - SC-300 discussion

Report
Export

SIMULATION 6

You need to implement additional security checks before the members of the Sg-Executive can access any company apps. The members must meet one of the following conditions:

* Connect by using a device that is marked as compliant by Microsoft Intune.

* Connect by using client apps that are protected by app protection policies.

A.

See the Explanation for the complete step by step solution

Answers
A.

See the Explanation for the complete step by step solution

Suggested answer: A

Explanation:

To implement additional security checks for the Sg-Executive group members before they can access any company apps, you can use Conditional Access policies in Microsoft Entra. Here's a step-by-step guide:

Sign in to the Microsoft Entra admin center:

Ensure you have the role of Global Administrator or Security Administrator.

Navigate to Conditional Access:

Go to Security > Conditional Access.

Create a new policy:

Select + New policy.

Name the policy appropriately, such as ''Sg-Executive Security Checks''.

Assign the policy to the Sg-Executive group:

Under Assignments, select Users and groups.

Choose Select users and groups and then Groups.

Search for and select the Sg-Executive group.

Define the application control conditions:

Under Cloud apps or actions, select All cloud apps to apply the policy to any company app.

Set the device compliance requirement:

Under Conditions > Device state, configure the policy to include devices marked as compliant by Microsoft Intune.

Set the app protection policy requirement:

Under Conditions > Client apps, configure the policy to include client apps that are protected by app protection policies.

Configure the access controls:

Under Access controls > Grant, select Grant access.

Choose Require device to be marked as compliant and Require approved client app.

Ensure that the option Require one of the selected controls is enabled.

Enable the policy:

Set Enable policy to On.

Review and save the policy:

Review all settings to ensure they meet the requirements.

Click Create to save and implement the policy.

By following these steps, you will ensure that the Sg-Executive group members can only access company apps if they meet one of the specified conditions, either by using a compliant device or a protected client app. This enhances the security posture of your organization by enforcing stricter access controls for executive-level users.

Show Answer
asked 05/10/2024
Jacek Kaleta
55 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms