Microsoft SC-300 Online Practice Questions and Exam Preparation

Microsoft SC-300 Online Questions & Answers

• Question 141:

  HOTSPOT

  You have a Microsoft 365 E5 subscription.

  You need to create a dynamic user group that will include all the users that do NOT have a department defined in their user profile.

  How should you complete the membership rule? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

• Question 142:

  You have a Microsoft 365 E5 subscription.

  You need to create a Microsoft Defender for Cloud Apps session policy.

  What should you do first?

  A. From the Microsoft Defender for Cloud Apps portal, select User monitoring.
  B. From the Microsoft Defender for Cloud Apps portal, select App onboarding/maintenance
  C. From the Azure Active Directory admin center, create a Conditional Access policy.
  D. From the Microsoft Defender for Cloud Apps portal, create a continuous report.
  C. From the Azure Active Directory admin center, create a Conditional Access policy.

• Question 143:

  Your company has an Azure Active Directory (Azure AD) tenant named contosri.com. The company has the business partners shown in the following table.

  

  users can request access by using package 1.

  Users at Fabrikam and Litware use ail then respective domain names for email addresses.

  You plan to create an access package named packaqel that will be accessible only to the Fabrikam and Litware users.

  You need to configure connected organizations for Fabrikam and litware so that any of their users can request access by using package1.

  What is the minimum of connected organization that you should create.

  A. 1
  B. 2
  C. 3
  D. 4
  C. 3

• Question 144:

  DRAG DROP

  You have a Microsoft 365 E5 subscription and an Azure subscription.

  You need to meet the following requirements:

  1. Ensure that users can sign in to Azure virtual machines by using their Microsoft 365 credentials.

  2. Delegate the ability to create new virtual machines.

  What should you use for each requirement? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  

• Question 145:

  You have a Microsoft 365 subscription.

  You plan to deploy an app named App1 that will have the following configurations:

  1. Will be registered in Microsoft Entra

  2. Will access the signed-in user's Microsoft Outlook calendar by using the Microsoft Graph API

  You need to ensure that App1 can access Microsoft Graph.

  What should you use?

  A. application permissions
  B. delegated permissions
  C. a custom role-based access control (RBAC) role
  D. a built-in role-based access control (RBAC) role
  B. delegated permissions

• Question 146:

  You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.

  From the Groups blade in the Microsoft Entra admin center, you assign Microsoft Office 365 Enterprise E5 licenses to a group that includes all users.

  You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.

  What should you use?

  A. the Set-MgUserLicense cmdlet
  B. the Identity Governance blade in the Microsoft Entra admin center
  C. the Groups blade in the Microsoft Entra admin center
  D. the Update-MgGroup cmdlet
  A. the Set-MgUserLicense cmdlet

  ---

  Explanation

  Correct: * the Licenses blade in the Azure Active Directory admin center * the Set-MgUserLicense cmdlet

  Incorrect: * the Administrative units blade in the Azure Active Directory admin center * the Groups blade in the Azure Active Directory admin center * the Groups blade in the Microsoft Entra admin center * the Identity Governance blade in the Azure Active Directory admin center * the Set-AzureAdGroup cmdlet * the Set-AzureAdUser cmdlet * the Set-MsolUserLicense cmdlet

  The Set-MsolUserLicense cmdlet updates the license assignment for a user. This can include adding a new license, removing a license, updating the license options, or any combination of these actions. However, the Set-MsolUserLicense cmdlet is now deprecated.

  1. the Set-WindowsProductKey cmdlet * the Update-MgGroup cmdlet * the Update-MgUser cmdlet

  Note: * the Licenses blade in the Azure Active Directory admin center You can unassign licenses from users on either the Active users page, or on the Licenses page. The method you use depends on whether you want to unassign product licenses from specific users or unassign users' licenses from a specific product.

  Unassign licenses by using the Licenses page 1. In the admin center, go to the Billing > Licenses page.

  2. Select a product.

  3. Select the check boxes of the users for whom you want to unassign licenses.

  4. Select Unassign licenses.

  5. In the Unassign licenses box, select Unassign. To remove a license from a group 2. On the Licensed groups page for the license plan, select the group that should no longer have the license.

  2. Select Remove license.

  3. the Set-MgUserLicense cmdlet Removing licenses from user accounts To remove licenses from an existing user account, use the following syntax:

  Set-MgUserLicense -UserId "<Account>" -RemoveLicenses @("<AccountSkuId1>") -AddLicenses @{} This example removes the SPE_E5 (Microsoft 365 E5) licensing plan from the user [email protected]:

  $e5Sku = Get-MgSubscribedSku -All | Where SkuPartNumber -eq 'SPE_E5' Set-MgUserLicense -UserId "[email protected]" -RemoveLicenses @($e5Sku.SkuId) - AddLicenses @{}

  To remove all licenses from a group of existing licensed users, use the following syntax:

  $licensedUsers = Get-MgUser -Filter 'assignedLicenses/$count ne 0' ` -ConsistencyLevel eventual -CountVariable licensedUserCount -All ` -Select UserPrincipalName,DisplayName,AssignedLicenses foreach($user in $licensedUsers)

  {$licensesToRemove = $user.AssignedLicenses | Select -ExpandProperty SkuId $user = Set-MgUserLicense -UserId $user.UserPrincipalName -RemoveLicenses $licensesToRemove - AddLicenses @{} }

  References:

  https://docs.microsoft.com/en-us/microsoft-365/admin/manage/remove-licenses-from-users

  https://learn.microsoft.com/en-us/microsoft-365/admin/manage/assign-licenses-to-users

  https://learn.microsoft.com/en-us/microsoft-365/enterprise/remove-licenses-from-user-accounts-with-

• Question 147:

  HOTSPOT

  You have an Azure subscription that contains the resources shown in the following table.

  

  You create a Microsoft Entra user named User1.

  Which identities can you add to VM1 and App1? To answer, select the appropriate options in the answer area.

  NOTE: Each correct answer is worth one point.

  

  

• Question 148:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You use Azure Monitor to analyze Microsoft Entra ID activity logs.

  You receive more than 100 email alerts each day for failed Microsoft Entra ID user sign-in attempts.

  You need to ensure that a new security administrator receives the alerts instead of you.

  Solution: From Microsoft Entra ID, you modify the Diagnostics settings.

  Does this meet the goal?

  A. Yes
  B. No
  B. No

• Question 149:

  SIMULATION

  Use the following login credentials as needed:

  To enter your username, place your cursor in the Sign in box and click the username below.

  To enter your password, place your cursor in the Enter password box and click the password below.

  Microsoft 365 Username: [email protected]

  Microsoft 365 Password: 1122334455667788

  If the Microsoft 365 portal does not load successfully in the browser, press CTRL+K to reload the portal in a new browser tab.

  The following information is for technical support purposes only:

  Lab Instance: 99999999

  You need to implement additional security checks before the members of the sg-Executive can access any company apps. The members must meet one of the following conditions:

  1. Connect by using a device that is marked as compliant by Microsoft Intune.

  2. Connect by using client apps that are protected by app protection policies.

  To complete this task, sign in to the appropriate admin center.

  A. See the explanation below
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the explanation below

  ---

  Explanation

  

  Part 1: First, create a Conditional Access policy and assign your test group of users as follows:

  Step 1: Sign in to the Microsoft Entra admin center as at least a Conditional Access Administrator.

  Step 2: Browse to Protection > Conditional Access, select + New policy, and then select Create new policy.

  Step 3: Enter a name for the policy, such as MFA Pilot.

  Step 4: Under Assignments, select the current value under Users or workload identities.

  Step 5: Under What does this policy apply to?, verify that Users and groups is selected.

  Step 6: Under Include, choose Select users and groups, and then select Users and groups.

  Since no one is assigned yet, the list of users and groups (shown in the next step) opens automatically.

  Step 7: Browse for and select your Microsoft Entra group, such as MFA-Test-Group [Select the sg-Executive group], then choose Select.

  Part 2: Select applications Configure the apps which require the conditions

  Step 8: Select the current value under Cloud apps or actions, and then under Select what this policy applies to, verify that Cloud apps is selected.

  Step 9: Under Include, choose Select apps.

  Since no apps are yet selected, the list of apps (shown in the next step) opens automatically.

  Step 10: Browse the list of available sign-in events that can be used. Then choose Select. Choose Select apps and select the link under Select.

  Step 11: On the Select page, choose Windows Azure Service Management API, and then choose Select.

  Part 3:

  Select Conditions Question: The members must meet one of the following conditions: Connect by using a device that is marked as compliant by Microsoft Intune. Connect by using client apps that are protected by app protection policies.

  Step 12: Select Conditions > Client apps to apply the policy to apps and browsers. Select Yes, and then select the checkboxes for enable Browser and Mobile apps and desktop clients.

  Step 13: Under Access controls, select Grant to apply Conditional Access based on a device compliance status. Select Grant access > Intune compliant Device, and Require app protection policy, then select Require one of the selected controls.

  Step 14: For Enable policy, select On, and then select Create to save your changes. By default, Enable policy is set to Report-only.

  References:

  https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-azure-mfa

  https://learn.microsoft.com/en-us/mem/intune/protect/app-based-conditional-access-intune-create

• Question 150:

  You have a Microsoft 365 tenant.

  All users have computers that run Windows 10. Most computers are company-owned and joined to Microsoft Entra ID. Some computers are user-owned and are only registered in Microsoft Entra ID.

  You need to prevent users who connect to Microsoft SharePoint Online on their user-owned computer from downloading or syncing files. Other users must NOT be restricted.

  Which policy type should you create?

  A. a Microsoft Defender for Cloud Apps activity policy that has Microsoft Office 365 governance actions configured
  B. a Microsoft Entra conditional access policy that has session controls configured
  C. a Microsoft Entra conditional access policy that has client apps conditions configured
  D. a Microsoft Defender for Cloud Apps app discovery policy that has governance actions configured
  B. a Microsoft Entra conditional access policy that has session controls configured

  ---

  Explanation

  References:

  https://learn.microsoft.com/en-us/defender-cloud-apps/proxy-intro-aad