Microsoft SC-300 Online Practice Questions and Exam Preparation

Microsoft SC-300 Online Questions & Answers

• Question 171:

  HOTSPOT

  You need to identify which roles to use for managing role assignments. The solution must meet the delegation requirements.

  What should you do? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  References:

  https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal

  https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference

• Question 172:

  You configure a new Microsoft 365 tenant to use a default domain name of contoso.com.

  You need to ensure that you can control access to Microsoft 365 resources by using conditional access policies.

  What should you do first?

  A. Disable Security defaults.
  B. Configure password protection for the Azure AD tenant.
  C. Configure a multi-factor authentication (MFA) registration policy.
  D. Disable the User consent settings.
  A. Disable Security defaults.

  ---

  Explanation

  Disabling security defaults

  Organizations that choose to implement Conditional Access policies that replace security defaults must disable security defaults.

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

• Question 173:

  HOTSPOT

  You have a Microsoft 365 tenant that has 5,000 users. One hundred of the users are executives. The executives have a dedicated support team.

  You need to ensure that the support team can reset passwords and manage multi-factor authentication (MFA) settings for only the executives. The solution must use the principle of least privilege.

  Which object type and Azure Active Directory (Azure AD) role should you use? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

• Question 174:

  You have a Microsoft 365 subscription. The subscription contains users that use Microsoft Outlook 2016 and Outlook 2013 clients.

  You need to implement tenant restrictions. The solution must minimize administrative effort.

  What should you do first?

  A. Configure the Outlook 2013 clients to use modern authentication.
  B. Upgrade the Outlook 2013 clients to Outlook 2016.
  C. From the Exchange admin center, configure Organization Sharing.
  D. Upgrade all the Outlook clients to Outlook 2019.
  B. Upgrade the Outlook 2013 clients to Outlook 2016.

• Question 175:

  You have an Azure subscription that contains a virtual machine named VM1. VM1 has the following configurations:

  1. Private IP address: 172.16.1.5

  2. Public IP address 10fl.143.16U5

  3. System-assigned managed identity status: On

  You install an app named App1 on VM1. You need to configure App1 to request a managed identity app-only access token.

  Which IP address should App1 use for the request?

  A. 108.143.161.25
  B. 127.0.0.1
  C. 169.254.169.254
  D. 172.16.1.5
  C. 169.254.169.254

• Question 176:

  SIMULATION

  You need to implement a process to review guest users who have access to the Salesforce app. The review must meet the following requirements:

  1. The reviews must occur monthly.

  2. The manager of each guest user must review the access.

  3. If the reviews are NOT completed within five days, access must be removed.

  4. If the guest user does not have a manager, Megan Bowen must review the access.

  A. See the Explanation Below
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the Explanation Below

  ---

  Explanation

  To implement a process for reviewing guest users' access to the Salesforce app with the specified requirements, you can use Microsoft Entra's Identity Governance access reviews feature. Here's a step-by-step guide:

  1. Assign the appropriate role:

  2. uk.co.certification.simulator.questionpool.PList@10556031

  3. Navigate to Identity Governance:

  4. Create a new access review:

  5. Configure the review settings:

  6. Determine the reviewers:

  7. Automate the removal process:

  8. Monitor and enforce compliance:

  9. Communicate the process:

  By following these steps, you can ensure that guest users' access to the Salesforce app is reviewed monthly, with managers being responsible for the review, and access is removed if the review is not completed in time.

• Question 177:

  You create the Azure Active Directory (Azure AD) users shown in the following table.

  

  On February 1, 2021, you configure the multi-factor authentication (MFA) settings as shown in the following exhibit.

  

  The users authentication to Azure AD on their devices as shown in the following table.

  

  On February 26, 2021, what will the multi-factor auth status be for each user?

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  B. Option B

• Question 178:

  You have an Azure Active Directory (Azure AD) tenant named contoso.com that has Azure AD Identity Protection policies enforced.

  You create an Azure Sentinel instance and configure the Azure Active Directory connector.

  You need to ensure that Azure Sentinel can generate incidents based on the risk alerts raised by Azure AD Identity Protection.

  What should you do first?

  A. Add a Microsoft Sentinel data connector.
  B. Configure the Notify settings in Azure AD Identity Protection.
  C. Create a Microsoft Sentinel playbook.
  D. Modify the Diagnostics settings in Azure AD.
  A. Add a Microsoft Sentinel data connector.

• Question 179:

  HOTSPOT

  Your network contains an on-premises Active Directory Domain Services (AD DS) domain named fabrikam.com. The domain contains an Active Directory Federation Services (AD FS) instance and a member server named Server1 that runs Windows Server. The domain contains the users shown in the following table.

  

  You have a Microsoft Entra tenant named contoso.com that is linked to a Microsoft 365 subscription.

  You establish federation between fabrikam.com and contoso.com by using a Microsoft Entra Connect instance that is configured as shown in the following exhibit.

  

  You perform the following tasks in contoso.com:

  Create a group named Group1. Disable User2. Enable User3. For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: No

  Group1 is created in contoso.com (Microsoft Entra). User1 is in fabrikam.com (on-premises). From the exhibit we see that "Group writeback" is disabled. User1 cannot be added to Group1.

  Note: Plan for Microsoft Entra Connect group writeback Group writeback allows you to write cloud groups back to your on-premises Active Directory instance by using Microsoft Entra Connect Sync. You can use this feature to manage groups in the cloud, while controlling access to on-premises applications and resources.

  Box 2: No

  User2 is in fabrikam.com (on-premises), and is enabled. User2 then disabled.

  Note: Password hash synchronization is one of the sign-in methods used to accomplish hybrid identity. Microsoft Entra Connect synchronizes a hash of a user's password from an on-premises Active Directory instance to a cloud-based Microsoft Entra instance.

  Box 3: Yes

  Password writeback is enabled.

  Note: Password writeback can be used to synchronize password changes in Microsoft Entra back to your on-premises AD DS environment. Microsoft Entra Connect provides a secure mechanism to send these password changes back to an existing on-premises directory from Microsoft Entra ID.

  References:

  https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-group-writeback-v2

  https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/whatis-phs

  https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-sspr-writeback

• Question 180:

  You have an Azure subscription that contains a user named User1. The subscription is onboarded to Microsoft Entra Permissions Management.

  You need to provide User1 with access to Permissions Management. The solution must meet the following requirements:

  1. Follow the principle of least privilege.

  2. Minimize administrative effort.

  What should you do first?

  A. From the Role/Policy Template subtab of Permissions Management, create a template.
  B. From the Microsoft Entra admin center, create a security group.
  C. From the My Requests subtab of Permissions Management, create a new request.
  D. From the Microsoft Entra admin center, assign a role to User1.
  D. From the Microsoft Entra admin center, assign a role to User1.

  ---

  Explanation

  References:

  https://learn.microsoft.com/en-us/entra/architecture/permissions-manage-ops-guide-two