ExamGecko
Search Search Login
Home Home / Microsoft / SC-300

Microsoft SC-300 Practice Test - Questions Answers, Page 28

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have an Azure subscription. You need to use Microsoft Entra Permissions Management to automatically monitor permissions and create and implement right-size roles. The solution must follow the principle of least privilege. Which role should you assign to the service principal of Permissions Management?
SIMULATION 8 You need to prevent all users from using legacy authentication protocols when authenticating to Microsoft Entra ID.
SIMULATION 4 You need to ensure that all users can consent to apps that require permission to read their user profile. Users must be prevented from consenting to apps that require any other permissions.
HOTSPOT Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table. You install Azure AD Connect. You configure the Domain and OU filtering settings as shown in the Domain and OU Filtering exhibit. (Click the Domain and OU Filtering tab.) You configure the Filter users and devices settings as shown in the Filter Users and Devices exhibit. (Click the Filter Users and Devices tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No. A. B. C. D.
Your company has an Azure Active Directory (Azure AD) tenant named contosri.com. The company has the business partners shown in the following table. users can request access by using package 1. Users at Fabrikam and Litware use ail then respective domain names for email addresses. You plan to create an access package named packaqel that will be accessible only to the Fabrikam and Litware users. You need to configure connected organizations for Fabrikam and litware so that any of their users can request access by using package1. What is the minimum of connected organization that you should create.
HOTSPOT Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table. You install Azure AD Connect. You configure the Domain and OU filtering settings as shown in the Domain and OU Filtering exhibit. (Click the Domain and OU Filtering tab.) You configure the Filter users and devices settings as shown in the Filter Users and Devices exhibit. (Click the Filter Users and Devices tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.
HOTSPOT You have an Azure subscription that contains the key vaults shown in the following table. The subscription contains the users shown in the following table. On June1, Admin4 performs the following actions: • Deletes a certificate named Certificate! from Key Vault1 • Deletes a secret named Secret1 from KeyVault2 For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Your company requires that users request access before they can access corporate applications. You register a new enterprise application named MyApp1 in Azure Active Dilatory (Azure AD) and configure single sign-on (SSO) for MyApp1. Which settings should you configure next for MyApp1?
SIMULATION 2 You need to implement a process to review guest users who have access to the Salesforce app. The review must meet the following requirements: * The reviews must occur monthly. * The manager of each guest user must review the access. * If the reviews are NOT completed within five days, access must be removed. * If the guest user does not have a manager, Megan Bowen must review the access.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen. You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account. You deploy an Azure subscription and enable Microsoft 365 Defender. You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps. Solution: From the Microsoft 365 Defender portal, you add the Amazon Web Services app connector. Does this meet the goal?

Question 271

Report
Export
Collapse

SIMULATION 9

You need to ensure that when users in the Sg-Operations group go to the My Apps portal a tab named Operations appears that contains only the following applications:

* Unkedln

* Box

A.

See the Explanation for the complete step by step solution

A.

See the Explanation for the complete step by step solution

Answers
Suggested answer: A

Explanation:

To ensure that users in the Sg-Operations group see a tab named ''Operations'' containing only LinkedIn and Box applications in the My Apps portal, you can create a collection with these specific applications. Here's how to do it:

Sign in to the Microsoft Entra admin center:

Make sure you have one of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.

Navigate to App launchers:

Go to Identity > Applications > Enterprise applications.

Under Manage, select App launchers.

Create a new collection:

Click on New collection.

Enter ''Operations'' as the Name for the collection.

Provide a Description if necessary.

Add applications to the collection:

Select the Applications tab within the new collection.

Click on + Add application.

Search for and select LinkedIn and Box applications.

Click Add to include them in the collection.

Assign the collection to the Sg-Operations group:

Select the Users and groups tab.

Click on + Add users and groups.

Search for and select the Sg-Operations group.

Click Select to assign the collection to the group.

Review and create the collection:

Select Review + Create to check the configuration.

If everything is correct, click Create to finalize the collection.

By following these steps, when users in the Sg-Operations group visit the My Apps portal, they will see a new tab named ''Operations'' that contains only the LinkedIn and Box applications1.

Please note that to create collections on the My Apps portal, you need a Microsoft Entra ID P1 or P2 license1.

Question 272

Report
Export
Collapse

SIMULATION 10

You need to create a group named Audit. The solution must ensure that the members of Audit can activate the Security Reader role.

A.

See the Explanation for the complete step by step solution

A.

See the Explanation for the complete step by step solution

Answers
Suggested answer: A

Explanation:

To create a group named ''Audit'' and ensure that its members can activate the Security Reader role, follow these steps:

Open the Microsoft Entra admin center:

Sign in with an account that has the Security Administrator or Global Administrator role.

Navigate to Groups:

Go to Teams & groups > Active teams and groups1.

Create the security group:

Select Add a security group.

On the Set up the basics page, enter ''Audit'' as the group name.

Add a description if necessary and choose Next1.

Edit settings:

On the Edit settings page, select whether you want Microsoft Entra roles to be assignable to this group and select Next1.

Assign roles:

After creating the group, go to Roles > All roles.

Find and select the Security Reader role.

Under Assignments, choose Assign.

Select the ''Audit'' group to assign the role to its members2.

Review and finish:

Review the settings to ensure the ''Audit'' group is created with the ability for its members to activate the Security Reader role.

Finish the setup and save the changes.

By following these steps, you will have created the ''Audit'' group and enabled its members to activate the Security Reader role, which allows them to view security-related information without having permissions to change it. Remember to communicate the new group and role assignment to the relevant stakeholders in your organization.


Question 273

Report
Export
Collapse

You have a Microsoft 365 E5 subscription.

You need to be able to create a Microsoft Defender for Cloud Apps session policy.

What should you do first?

A.

From the Microsoft Defender portal, select User monitoring.

A.

From the Microsoft Defender portal, select User monitoring.

Answers
B.

From the Microsoft Entra admin center, create a Conditional Access policy.

B.

From the Microsoft Entra admin center, create a Conditional Access policy.

Answers
C.

From the Microsoft Defender portal, select App onboarding/maintenance

C.

From the Microsoft Defender portal, select App onboarding/maintenance

Answers
D.

From the Microsoft Defender portal, create a continuous report.

D.

From the Microsoft Defender portal, create a continuous report.

Answers
Suggested answer: A

Question 274

Report
Export
Collapse

HOTSPOT

You have two Microsoft Entra tenants named contoso.com and fabhkam.com. Contoso.com contains the users shown in the following table.

Contoso.com contains the groups shown in the following table.

You configure cross-tenant synchronization from contoso.com to fabrikam.com and enable cross-tenant synchronization for User3 and Group2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 274
Correct answer: Question 274

Question 275

Report
Export
Collapse

You have a Microsoft Entra tenant that uses Microsoft Entra ID Premium licenses.

You plan to configure a terms of use (ToU) for the tenant.

You need to upload the ToU document.

Which format should you use for the document?

A.

HTML

A.

HTML

Answers
B.

RTF

B.

RTF

Answers
C.

PDF

C.

PDF

Answers
D.

DOCX

D.

DOCX

Answers
Suggested answer: C

Question 276

Report
Export
Collapse

You have an Azure subscription that contains a user-assigned managed identity named Managed1 in the East US Azure region. The subscription contains the resources shown in the following table.

Which resources can use Managed 1 as their identity?

A.

WebApp1 only

A.

WebApp1 only

Answers
B.

storage1 and WebApp1 only

B.

storage1 and WebApp1 only

Answers
C.

VM1 and WebApp1 only

C.

VM1 and WebApp1 only

Answers
D.

VM1, storage1, and WebApp1

D.

VM1, storage1, and WebApp1

Answers
Suggested answer: D

Question 277

Report
Export
Collapse

You have a Microsoft Entra tenant.

You need to create a Conditional Access policy to manage administrative access to the tenant. The solution must ensure that administrators are authenticated by using a phishing-resistant multi-factor authentication (MFA) method.

Which three authentication methods should you include in the solution? Each correct answer presents a complete solution.

A.

Windows Hello for Business

A.

Windows Hello for Business

Answers
B.

an FID02 security key

B.

an FID02 security key

Answers
C.

certificate-based authentication (multi-factor)

C.

certificate-based authentication (multi-factor)

Answers
D.

voice call

D.

voice call

Answers
E.

SMS

E.

SMS

Answers
F.

email OTP

F.

email OTP

Answers
G.

certificate-based authentication (single-factor)

G.

certificate-based authentication (single-factor)

Answers
H.

Microsoft Authenticator

H.

Microsoft Authenticator

Answers
Suggested answer: A, B, C

Question 278

Report
Export
Collapse

You have an Azure subscription.

You need to use Microsoft Entra Permissions Management to automatically monitor permissions and create and implement right-size roles. The solution must follow the principle of least privilege.

Which role should you assign to the service principal of Permissions Management?

A.

Reader

A.

Reader

Answers
B.

Contributor

B.

Contributor

Answers
C.

Owner

C.

Owner

Answers
D.

User Access Administrator

D.

User Access Administrator

Answers
Suggested answer: D

Question 279

Report
Export
Collapse

DRAG DROP

You have an Azure subscription that contains the resources shown in the following table.

The subscription uses Privileged Identity Management (PIM).

You need to configure the following access controls by using PIM:

* Ensure that User1 can read and update Secret1.

* Ensure that User2 can read the contents of the secrets stored in Vault2.

The solution must follow the principle of least privilege.

Which authorization method should you use for each user? To answer, drag the appropriate authorization methods to the correct users. Each authorization method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


Question 279
Correct answer: Question 279

Question 280

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

You create a Microsoft Entra user named User1.

Which identities can you add to VM1 and App1? To answer, select the appropriate options in the answer area.

NOTE: Each correct answer is worth one point.

Answer:

Question 280
Correct answer: Question 280
Total 290 questions
Go to page: of 29
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms