Home / Microsoft / SC-300

Microsoft SC-300 Practice Test - Questions Answers, Page 4

Question list

List of questions

Question 31

(0)

You have an Azure Active Directory (Azure AD) tenant that uses conditional access policies. You plan to use third-party security information and event management (SIEM) to analyze conditional acces

Question 32

(0)

You have an Azure Active Directory (Azure AD) tenant. You need to review the Azure AD sign-ins log to investigate sign ins that occurred in the past. For how long does Azure AD store events in the

Question 33

(0)

You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table. Which objects can you add as eligible in Azure Privileged identity Management (PIM) fo

Question 34

(0)

You have a Microsoft 365 tenant. You need to ensure that you tan view Azure Active Directory (Azure AD) audit log information by using Azure Monitor. What should you do first?

Question 35

(0)

You have an Azure Active Directory (Azure AD) tenant. For the tenant. Users can register applications Is set to No. A user named Admin1 must deploy a new cloud app named App1. You need to ensure

Question 36

(0)

Your company requires that users request access before they can access corporate applications. You register a new enterprise application named MyApp1 in Azure Active Dilatory (Azure AD) and configu

Question 37

(0)

You have an Azure Active Directory (Azure AD) tenant. You create an enterprise application collection named HR Apps that has the following settings: • Applications: Appl. App?, App3 • Owners: Adm

Question 38

(0)

You have a Microsoft 365 tenant. The Azure Active Directory (Azure AD) tenant contains the groups shown in the following table. In Azure AD. you add a new enterprise application named Appl. Whic

Question 39

(0)

You configure a new Microsoft 36S tenant to use a default domain name of contosso.com. You need to ensure that you can control access to Microsoft 365 resource-, by using conditional access policy.

Question 40

(0)

You have an Azure Active Directory (Azure AD) tenant named conto.so.com that has Azure AD Identity Protection enabled. You need to Implement a sign-in risk remediation policy without blocking access

Related questions

You have an Azure subscription. You need to use Microsoft Entra Permissions Management to automatically monitor permissions and create and implement right-size roles. The solution must follow the principle of least privilege. Which role should you assign to the service principal of Permissions Management?

SIMULATION 8 You need to prevent all users from using legacy authentication protocols when authenticating to Microsoft Entra ID.

SIMULATION 4 You need to ensure that all users can consent to apps that require permission to read their user profile. Users must be prevented from consenting to apps that require any other permissions.

HOTSPOT Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table. You install Azure AD Connect. You configure the Domain and OU filtering settings as shown in the Domain and OU Filtering exhibit. (Click the Domain and OU Filtering tab.) You configure the Filter users and devices settings as shown in the Filter Users and Devices exhibit. (Click the Filter Users and Devices tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No. A. B. C. D.

Your company has an Azure Active Directory (Azure AD) tenant named contosri.com. The company has the business partners shown in the following table. users can request access by using package 1. Users at Fabrikam and Litware use ail then respective domain names for email addresses. You plan to create an access package named packaqel that will be accessible only to the Fabrikam and Litware users. You need to configure connected organizations for Fabrikam and litware so that any of their users can request access by using package1. What is the minimum of connected organization that you should create.

HOTSPOT You have an Azure subscription that contains the key vaults shown in the following table. The subscription contains the users shown in the following table. On June1, Admin4 performs the following actions: • Deletes a certificate named Certificate! from Key Vault1 • Deletes a secret named Secret1 from KeyVault2 For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

SIMULATION 2 You need to implement a process to review guest users who have access to the Salesforce app. The review must meet the following requirements: * The reviews must occur monthly. * The manager of each guest user must review the access. * If the reviews are NOT completed within five days, access must be removed. * If the guest user does not have a manager, Megan Bowen must review the access.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen. You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account. You deploy an Azure subscription and enable Microsoft 365 Defender. You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps. Solution: From the Microsoft 365 Defender portal, you add the Amazon Web Services app connector. Does this meet the goal?

Your company requires that users request access before they can access corporate applications. You register a new enterprise application named MyApp1 in Azure Active Dilatory (Azure AD) and configure single sign-on (SSO) for MyApp1. Which settings should you configure next for MyApp1?

Question 31

You have an Azure Active Directory (Azure AD) tenant that uses conditional access policies.

You plan to use third-party security information and event management (SIEM) to analyze conditional access usage.

You need to download the Azure AD log that contains conditional access policy data.

What should you export from Azure AD?

sign-ins in JSON format

sign-ins in CSV format

audit logs in JSON format

audit logs in CSV format

Show Answer Comment (0)

Question 32

You have an Azure Active Directory (Azure AD) tenant.

You need to review the Azure AD sign-ins log to investigate sign ins that occurred in the past.

For how long does Azure AD store events in the sign-in log?

14 days

30 days

90 days

365 days

Show Answer Comment (0)

Question 33

You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.

Which objects can you add as eligible in Azure Privileged identity Management (PIM) for an Azure AD role?

User1 only

User1 and Identity1 only

User1. Guest1, and Identity

User1 and Guest1 only

Show Answer Comment (0)

Question 34

You have a Microsoft 365 tenant.

You need to ensure that you tan view Azure Active Directory (Azure AD) audit log information by using Azure Monitor.

What should you do first?

Run the Get-AzureADAuditDirectoryLogs cmdlet.

Create an Azure AD workbook.

Run the Set-AzureADTenantDetail cmdlet.

Modify the Diagnostics settings for Azure AD.

Show Answer Comment (0)

Question 35

You have an Azure Active Directory (Azure AD) tenant.

For the tenant. Users can register applications Is set to No.

A user named Admin1 must deploy a new cloud app named App1.

You need to ensure that Admin1 can register App1 in Azure AD. The solution must use the principle of least privilege.

Which role should you assign to Admin1?

Application developer in Azure AD

App Configuration Data Owner for Subscription1

Managed Application Contributor for Subscription1

Cloud application administrator in Azure AD

Show Answer Comment (0)

Question 36

Your company requires that users request access before they can access corporate applications.

You register a new enterprise application named MyApp1 in Azure Active Dilatory (Azure AD) and configure single sign-on (SSO) for MyApp1.

Which settings should you configure next for MyApp1?

Self-service

Provisioning

Roles and administrators

Application proxy

Show Answer Comment (0)

Question 37

You have an Azure Active Directory (Azure AD) tenant.

You create an enterprise application collection named HR Apps that has the following settings:

• Applications: Appl. App?, App3

• Owners: Admin 1

• Users and groups: HRUsers

AH three apps have the following Properties settings:

• Enabled for users to sign in: Yes

• User assignment required: Yes

• Visible to users: Yes Users report that when they go to the My Apps portal, they only sue App1 and App2-You need to ensure that the users can also see App3. What should you do from App3?

What should you do from App3?

From Users and groups, add HRUsers.

Prom Properties, change User assignment required to No.

From Permissions, review the User consent permissions.

From Single sign on, configure a sign-on method.

Show Answer Comment (0)

Question 38

You have a Microsoft 365 tenant.

The Azure Active Directory (Azure AD) tenant contains the groups shown in the following table.

In Azure AD. you add a new enterprise application named Appl. Which groups can you assign to App1?

Group1 and Group

Group2 only

Group3 only

Group1 only

Group1 and Group4

Show Answer Comment (0)

Question 39

You configure a new Microsoft 36S tenant to use a default domain name of contosso.com.

You need to ensure that you can control access to Microsoft 365 resource-, by using conditional access policy.

What should you do first?

Disable the User consent settings.

Disable Security defaults.

Configure a multi-factor authentication (Ml A) registration policy1.

Configure password protection for Windows Server Active Directory.

Show Answer Comment (0)

Question 40

You have an Azure Active Directory (Azure AD) tenant named conto.so.com that has Azure AD Identity Protection enabled. You need to Implement a sign-in risk remediation policy without blocking access.

What should you do first?

Configure access reviews in Azure AD.

Enforce Azure AD Password Protection.

implement multi-factor authentication (MFA) for all users.

Configure self-service password reset (SSPR) for all users.

Show Answer Comment (0)

Total 290 questions