Microsoft SC-300 Practice Test - Questions Answers, Page 8
Question list
List of questions
Related questions
You have an Azure Active Directory (Azure AD) tenant.
You open the risk detections report.
Which risk detection type is classified as a user risk?
impossible travel
anonymous IP address
atypical travel
leaked credentials
You have a Microsoft 365 tenant.
All users have computers that run Windows 10. Most computers are company-owned and joined to Azure Active Directory (Azure AD). Some computers are user-owned and are only registered in Azure AD.
You need to prevent users who connect to Microsoft SharePoint Online on their user-owned computer from downloading or syncing files. Other users must NOT be restricted.
Which policy type should you create?
a Microsoft Cloud App Security activity policy that has Microsoft Office 365 governance actions configured
an Azure AD conditional access policy that has session controls configured
an Azure AD conditional access policy that has client apps conditions configured
a Microsoft Cloud App Security app discovery policy that has governance actions configured
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory domain.
The on-premises network contains a VPN server that authenticates to the on-premises Active Directory domain. The VPN server does NOT support Azure Multi-Factor Authentication (MFA).
You need to recommend a solution to provide Azure MFA for VPN connections.
What should you include in the recommendation?
Azure AD Application Proxy
an Azure AD Password Protection proxy
Network Policy Server (NPS)
a pass-through authentication proxy
You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain. The domain contains the servers shown in the following table.
The domain controllers are prevented from communicating to the internet.
You implement Azure AD Password Protection on Server1 and Server2.
You deploy a new server named Server4 that runs Windows Server 2019.
You need to ensure that Azure AD Password Protection will continue to work if a single server fails.
What should you implement on Server4?
Azure AD Connect
Azure AD Application Proxy
Password Change Notification Service (PCNS)
the Azure AD Password Protection proxy service
You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.
Users connect to the internet by using a hardware firewall at your company. The users authenticate to the firewall by using their Active Directory credentials.
You plan to manage access to external applications by using Azure AD.
You need to use the firewall logs to create a list of unmanaged external applications and the users who access them.
What should you use to gather the information?
Application Insights in Azure Monitor
access reviews in Azure AD
Cloud App Discovery in Microsoft Cloud App Security
enterprise applications in Azure AD
You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.
You plan to create an emergency-access administrative account named Emergency1. Emergency1 will be assigned the Global administrator role in Azure AD. Emergency1 will be used in the event of Azure AD functionality failures and on- premises infrastructure failures.
You need to reduce the likelihood that Emergency1 will be prevented from signing in during an emergency.
What should you do?
Configure Azure Monitor to generate an alert if Emergency1 is modified or signs in.
Require Azure AD Privileged Identity Management (PIM) activation of the Global administrator role for Emergency1.
Configure a conditional access policy to restrict sign-in locations for Emergency1 to only the corporate network.
Configure a conditional access policy to require multi-factor authentication (MFA) for Emergency1.
You have a Microsoft 365 tenant.
In Azure Active Directory (Azure AD), you configure the terms of use.
You need to ensure that only users who accept the terms of use can access the resources in the tenant. Other users must be denied access.
What should you configure?
an access policy in Microsoft Cloud App Security.
Terms and conditions in Microsoft Endpoint Manager.
a conditional access policy in Azure AD
a compliance policy in Microsoft Endpoint Manager
You have an Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.
For which groups can you create an access review?
Group1 only
Group1 and Group4 only
Group1 and Group2 only
Group1, Group2, Group4, and Group5 only
Group1, Group2, Group3, Group4 and Group5
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
User1 is the owner of Group1.
You create an access review that has the following settings:
Users to review: Members of a group
Scope: Everyone
Group: Group1
Reviewers: Members (self)
Which users can perform access reviews for User3?
User1, User2, and User3
User3 only
User1 only
User1 and User2 only
Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights.
You need to ensure that the IT department users only have access to the Security administrator role when required.
What should you configure for the Security administrator role assignment?
Expire eligible assignments after from the Role settings details
Expire active assignments after from the Role settings details
Assignment type to Active
Assignment type to Eligible
Question