Microsoft SC-300 Practice Test - Questions Answers, Page 25
Question list
List of questions
Related questions
HOTSPOT
You have an Azure subscription named Sub1 that contains two resource groups named RG1 and RG2. Sub1 contains the users shown in the following table.
Sub1 contains the resources shown in the following table.
You create the role-based access control (RBAC) role assignments shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No NOTE: Each correct selection is worth one point.
HOTSPOT
You have a Microsoft Entra tenant that contains the users shown in the following table.
You have a user risk policy that has the following settings:
* Assignments:
o Include: Group1
o Exclude: Group2
* Sign-in risk Medium and above
* Access controls:
o Grant access: Require password change
When the users attempt to sign in. user risk levels are detected as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
You have a Microsoft Entra tenant that contains the groups shown in the following table.
You need to implement Privileged Identity Management (PIM) for the groups.
Which groups can be managed by using PIM?
Group1 only
Group1 and Group2 only
Group1 and Group3 only
Group3 and Group4 only
Group1. Group2. Group3. and Group4
You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains an Azure Cosmos DB database named DB1 and an Azure Kubernetes Service (AKS) cluster named AKS1. AKS1 uses a managed identity.
You need to ensure that AKS1 can access DB1. The solution must meet the following requirements:
* Ensure that AKS1 uses the managed identity to access DB1.
* Follow the principle of least privilege.
Which role should you assign to the managed identity of AKS1.
For R61, assign the Azure Cosmos DB Data Reader Role role.
For Sub1. assign the Owner role.
For RG1, assign the Reader role.
For DB1, assign the Azure Cosmos DB Account Reader Role role.
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.
The subscription contains the virtual machines shown in the following table.
Which identities can be assigned the Owner role for RG1, and to which virtual machines can you assign Managed2? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point.
You have an Azure subscription. The subscription contains 50 virtual machines that run Windows Server.
You enable Microsoft Entra login for the virtual machines.
Users report that they cannot sign in to the virtual machines by using their Microsoft Entra credentials.
You need to ensure that the users can sign in to the virtual machines.
What should you do first?
Ensure that the virtual machines can access https://enterpriseregistration.windows.net.
Revoke the primary refresh token.
From the Microsoft Entra admin center, delete the device registrations of the virtual machines.
Enable SSH client support for OpenSSH.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not initiate.
Solution: From the Azure portal, you configure the Notifications settings for multi-factor authentication (MFA).
Does this meet the goal?
Yes
No
HOTSPOT
You have an Azure subscription named Sub1 ilia1 contains a storage account named storage1. You need to deploy two apps named App1 and App2 that will have the following configurations:
* App1 will be deployed as a registered app in Sub1.
* App1 will access storage1 by using Microsoft Entra authentication.
* App2 will access storage1 by using a single Microsoft Entra identity.
* App2 be hosted on two new virtual machines named VM1 and VM2.
The solution must minimize administrative effort.
Which type of identity will each app use to access storage1? To answer, select the appropriate options in the answer area.
You have an Azure subscription that containes a registered app named App1.
You need to review the sign-in activity for App1. The solution must meet the following requirements:
* Identify the number of failed sign-ins.
* Identify the success rate of sign-ins.
* Minimize administrative effort.
What should you use?
Audit logs
Usage & insights
Access reviews
Sign-in logs
You have an Azure subscription that contains a user named User! and two resource groups named RG1 and RG2.
You need to ensure that User1 can perform the following tasks:
* View all resources.
* Restart virtual machines.
* Create virtual machines in RG1 only.
* Create storage accounts in RG1 only.
What is the minimum number of role-based access control (RBAC) role assignment* required?
1
2
3
4
Question