Microsoft SC-300 Practice Test - Questions Answers, Page 23
Question list
List of questions
Related questions
You have an Azure AD tenant that has multi-factor authentication (MFA) enforced and self-service password reset (SSPR) enabled.
You enable combined registration in interrupt mode.
You create a new user named User1.
Which two authentication methods can User1 use to complete the combined registration process? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
a FID02 security key
a hardware token
a one-time passcode email
Windows Hello for Business
the Microsoft Authenticator app
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps and Conditional Access policies. You need to block access to cloud apps when a user is assessed as high risk.
Which type of policy should you create in the Microsoft Defender for Cloud Apps?
OAuth app policy
anomaly detection polio
access policy
activity policy
You plan to deploy a new Azure AD tenant.
Which multifactor authentication (MFA) method will be enabled by default for the tenant?
Microsoft Authenticator
SMS
voice call
email OTP
You have an Azure AD tenant that contains the users shown in the following table.
You need to compare the role permissions of each user. The solution must minimize administrative effort.
What should you use?
the Microsoft 365 Defender portal
the Microsoft 365 admin center
the Microsoft Entra admin center
the Microsoft Purview compliance portal
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.
You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account.
You deploy an Azure subscription and enable Microsoft 365 Defender.
You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps.
Solution: From the Microsoft 365 Defender portal, you add the Google Workspace app connector.
Does this meet the goal?
Yes
No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.
You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account.
You deploy an Azure subscription and enable Microsoft 365 Defender
You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps.
Solution: From the Microsoft 365 Defender portal, you add the Microsoft Azure app connector.
Does this meet the goal?
Yes
No
HOTSPOT
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the users shown in the following table.
The users have the devices shown in the following table.
You create the following two Conditional Access policies:
* Name: CAPolicy1
* Assignments
o Users or workload identities: Group 1
o Cloud apps or actions: Office 365 SharePoint Online
o Conditions
Filter for devices: Exclude filtered devices from the policy
Rule syntax: device.displayName -starts With 'Device*'
o Access controls
Grant: Block access
Session: 0 controls selected
o Enable policy: On
* Name: CAPolicy2
* Assignments
o Users or workload identities: Group2
o Cloud apps or actions: Office 365 SharePoint Online
o Conditions: 0 conditions selected
* Access controls
o Grant: Grant access
Require multifactor authentication
o Session:
0 controls selected
* Enable policy: On
All users confirm that they can successfully authenticate using MFA.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains an Azure Automation account named Automation1 and an Azure key vault named Vault1. Vault1 contains a secret named Secret 1.
You enable a system-assigned managed identity for Automation1.
You need to ensure that Automation! can read the contents of Secret1. The solution must meet the following requirements:
* Prevent Automation1 from accessing other secrets stored in Vault1.
* Follow the principle of least privilege.
What should you do?
From Vault1, configure the Access control (1AM) settings.
From Automation1, configure the Identity settings.
From Secret1, configure the Access control (1AM) settings
From Automation1, configure the Run as accounts settings.
You have three Azure subscriptions that are linked to a single Microsoft Entra tenant.
You need to evaluate and remediate the risks associated with highly privileged accounts. The solution must minimize administrative effort.
What should you use?
Microsoft Entra Verified ID
Privileged Identify Management (PIM)
Global Secure Access
Microsoft Entra Permissions Management
You have accounts for the following cloud platforms:
* Azure
* Alibaba Cloud
* Amazon Web Services (AWS)
* Google Cloud Platform (GCP)
You configure an A2ure subscription to use Microsoft Entra Permissions Management to manage the permissions in Azure only. Which additional cloud platforms can be managed by using Permissions Management?
AWS only
Alibaba Cloud and AWS only
Alibaba Cloud and GCP only
AWS and GCP only
Alibaba Cloud, AWS, and GCP
Question