ExamGecko
Search Search Login
Home Home / Microsoft / SC-300

Microsoft SC-300 Practice Test - Questions Answers, Page 7

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have an Azure subscription. You need to use Microsoft Entra Permissions Management to automatically monitor permissions and create and implement right-size roles. The solution must follow the principle of least privilege. Which role should you assign to the service principal of Permissions Management?
SIMULATION 8 You need to prevent all users from using legacy authentication protocols when authenticating to Microsoft Entra ID.
SIMULATION 4 You need to ensure that all users can consent to apps that require permission to read their user profile. Users must be prevented from consenting to apps that require any other permissions.
HOTSPOT Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table. You install Azure AD Connect. You configure the Domain and OU filtering settings as shown in the Domain and OU Filtering exhibit. (Click the Domain and OU Filtering tab.) You configure the Filter users and devices settings as shown in the Filter Users and Devices exhibit. (Click the Filter Users and Devices tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No. A. B. C. D.
Your company has an Azure Active Directory (Azure AD) tenant named contosri.com. The company has the business partners shown in the following table. users can request access by using package 1. Users at Fabrikam and Litware use ail then respective domain names for email addresses. You plan to create an access package named packaqel that will be accessible only to the Fabrikam and Litware users. You need to configure connected organizations for Fabrikam and litware so that any of their users can request access by using package1. What is the minimum of connected organization that you should create.
HOTSPOT Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table. You install Azure AD Connect. You configure the Domain and OU filtering settings as shown in the Domain and OU Filtering exhibit. (Click the Domain and OU Filtering tab.) You configure the Filter users and devices settings as shown in the Filter Users and Devices exhibit. (Click the Filter Users and Devices tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.
HOTSPOT You have an Azure subscription that contains the key vaults shown in the following table. The subscription contains the users shown in the following table. On June1, Admin4 performs the following actions: • Deletes a certificate named Certificate! from Key Vault1 • Deletes a secret named Secret1 from KeyVault2 For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
SIMULATION 2 You need to implement a process to review guest users who have access to the Salesforce app. The review must meet the following requirements: * The reviews must occur monthly. * The manager of each guest user must review the access. * If the reviews are NOT completed within five days, access must be removed. * If the guest user does not have a manager, Megan Bowen must review the access.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen. You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account. You deploy an Azure subscription and enable Microsoft 365 Defender. You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps. Solution: From the Microsoft 365 Defender portal, you add the Amazon Web Services app connector. Does this meet the goal?
You create the Azure Active Directory (Azure AD) users shown in the following table. On February 1, 2021, you configure the multi-factor authentication (MFA) settings as shown in the following exhibit. The users authentication to Azure AD on their devices as shown in the following table. On February 26, 2021, what will the multi-factor auth status be for each user?

Question 61

Report
Export
Collapse

You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.

Which objects can you add as members to Group3?

A.

User2 and Group2 only

A.

User2 and Group2 only

Answers
B.

User2, Group1, and Group2 only

B.

User2, Group1, and Group2 only

Answers
C.

User1, User2, Group1 and Group2

C.

User1, User2, Group1 and Group2

Answers
D.

User1 and User2 only

D.

User1 and User2 only

Answers
E.

User2 only

E.

User2 only

Answers
Suggested answer: E

Explanation:

Reference:

https://bitsizedbytes.wordpress.com/2018/12/10/distribution-security-and-office-365-groupsnesting/

Question 62

Report
Export
Collapse

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.

You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.

You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.

Solution: You configure password writeback.

Does this meet the goal?

A.

Yes

A.

Yes

Answers
B.

No

B.

No

Answers
Suggested answer: B

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

Question 63

Report
Export
Collapse

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.

You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.

You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.

Solution: You configure pass-through authentication.

Does this meet the goal?

A.

Yes

A.

Yes

Answers
B.

No

B.

No

Answers
Suggested answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

Question 64

Report
Export
Collapse

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.

You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.

You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.

Solution: You configure conditional access policies.

Does this meet the goal?

A.

Yes

A.

Yes

Answers
B.

No

B.

No

Answers
Suggested answer: B

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

Question 65

Report
Export
Collapse

You have an Azure Active Directory (Azure AD) tenant that contains a user named SecAdmin1.

SecAdmin1 is assigned the Security administrator role.

SecAdmin1 reports that she cannot reset passwords from the Azure AD Identity Protection portal.

You need to ensure that SecAdmin1 can manage passwords and invalidate sessions on behalf of nonadministrative users. The solution must use the principle of least privilege.

Which role should you assign to SecAdmin1?

A.

Authentication administrator

A.

Authentication administrator

Answers
B.

Helpdesk administrator

B.

Helpdesk administrator

Answers
C.

Privileged authentication administrator

C.

Privileged authentication administrator

Answers
D.

Security operator

D.

Security operator

Answers
Suggested answer: C

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference

Question 66

Report
Export
Collapse

You configure Azure Active Directory (Azure AD) Password Protection as shown in the exhibit. (Click the Exhibit tab.)

You are evaluating the following passwords:

Pr0jectlitw@re

T@ilw1nd

C0nt0s0

Which passwords will be blocked?

A.

Pr0jectlitw@re and T@ilw1nd only

A.

Pr0jectlitw@re and T@ilw1nd only

Answers
B.

C0nt0s0 only

B.

C0nt0s0 only

Answers
C.

C0nt0s0, Pr0jectlitw@re, and T@ilw1nd

C.

C0nt0s0, Pr0jectlitw@re, and T@ilw1nd

Answers
D.

C0nt0s0 and T@ilw1nd only

D.

C0nt0s0 and T@ilw1nd only

Answers
E.

C0nt0s0 and Pr0jectlitw@re only

E.

C0nt0s0 and Pr0jectlitw@re only

Answers
Suggested answer: C

Explanation:

Reference:

https://blog.enablingtechcorp.com/azure-ad-password-protection-password-evaluation

Question 67

Report
Export
Collapse

You have a Microsoft 365 tenant.

All users have mobile phones and laptops.

The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity.

While working from the remote locations, the users connect their laptop to a wired network that has internet access.

You plan to implement multi-factor authentication (MFA).

Which MFA authentication method can the users use from the remote location?

A.

a verification code from the Microsoft Authenticator app

A.

a verification code from the Microsoft Authenticator app

Answers
B.

security questions

B.

security questions

Answers
C.

voice

C.

voice

Answers
D.

an app password

D.

an app password

Answers
Suggested answer: A

Explanation:


Question 68

Report
Export
Collapse

You configure a new Microsoft 365 tenant to use a default domain name of contoso.com.

You need to ensure that you can control access to Microsoft 365 resources by using conditional access policies.

What should you do first?

A.

Disable the User consent settings.

A.

Disable the User consent settings.

Answers
B.

Disable Security defaults.

B.

Disable Security defaults.

Answers
C.

Configure a multi-factor authentication (MFA) registration policy.

C.

Configure a multi-factor authentication (MFA) registration policy.

Answers
D.

Configure password protection for Windows Server Active Directory.

D.

Configure password protection for Windows Server Active Directory.

Answers
Suggested answer: B

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentalssecurity-defaults

Question 69

Report
Export
Collapse

Your company has a Microsoft 365 tenant.

The company has a call center that contains 300 users. In the call center, the users share desktop computers and might use a different computer every day. The call center computers are NOT configured for biometric identification.

The users are prohibited from having a mobile phone in the call center.

You need to require multi-factor authentication (MFA) for the call center users when they access Microsoft 365 services.

What should you include in the solution?

A.

a named network location

A.

a named network location

Answers
B.

the Microsoft Authenticator app

B.

the Microsoft Authenticator app

Answers
C.

Windows Hello for Business authentication

C.

Windows Hello for Business authentication

Answers
D.

FIDO2 tokens

D.

FIDO2 tokens

Answers
Suggested answer: D

Explanation:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authenticationpasswordless

Question 70

Report
Export
Collapse

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

All users who run applications registered in Azure AD are subject to conditional access policies.

You need to prevent the users from using legacy authentication.

What should you include in the conditional access policies to filter out legacy authentication attempts?

A.

a cloud apps or actions condition

A.

a cloud apps or actions condition

Answers
B.

a user risk condition

B.

a user risk condition

Answers
C.

a client apps condition

C.

a client apps condition

Answers
D.

a sign-in risk condition

D.

a sign-in risk condition

Answers
Suggested answer: C

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacyauthentication

Total 290 questions
Go to page: of 29
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms