Microsoft SC-300 Online Practice Questions and Exam Preparation

Microsoft SC-300 Online Questions & Answers

• Question 181:

  HOTSPOT

  You have an Azure subscription that is onboarded to Microsoft Entra Permissions Management.

  You need to perform the following actions:

  1. Identify billable Azure resources.

  2. Create a rule to remove permissions for unused resources.

  Which two options should you use in the Entra Permissions Management portal? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Gear icon Identify billable Azure resources.

  View resources in your authorization system 1. To access your billable resource information, from the Permissions Management home page, select Settings (gear icon).

  2. On the Data Collectors dashboard, select your authorization system type:

  AWS for Amazon Web Services. Azure for Microsoft Azure. GCP for Google Cloud Platform.

  Box 2: Autopilot Create a rule to remove permissions for unused resources.

  Microsoft Entra Permissions Management Create a rule in the Autopilot dashboard 1. In the Permissions Management home page, select the Autopilot tab.

  2. In the Autopilot dashboard, from the Authorization system types dropdown, select Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).

  3. From the Authorization System dropdown, in the List and Folders box, select the account and folder names that you want, and then select Apply.

  4. In the Autopilot dashboard, select New Rule.

  5. Etc.

  https://learn.microsoft.com/en-us/entra/permissions-management/product-data-billable-resources

  https://learn.microsoft.com/en-us/entra/permissions-management/how-to-create-ruleReference:

• Question 182:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 tenant.

  You have 100 IT administrators who are organized into 10 departments.

  You create the access review shown in the exhibit. (Click the Exhibit tab.)

  

  You discover that all access review requests are received by Megan Bowen.

  You need to ensure that the manager of each department receives the access reviews of their respective department.

  Solution: You create a separate access review for each role.

  Does this meet the goal?

  A. Yes
  B. No
  B. No

  ---

  Explanation

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

• Question 183:

  You have a Microsoft 365 E5 subscription.

  You need to be able to create a Microsoft Defender for Cloud Apps session policy.

  What should you do first?

  A. From the Microsoft 365 Defender portal, select User monitoring.
  B. From the Microsoft 365 Defender portal, select App onboarding/maintenance.
  C. From the Microsoft Entra admin center, create a Conditional Access policy.
  D. From the Microsoft 365 Defender portal, create a continuous report.
  C. From the Microsoft Entra admin center, create a Conditional Access policy.

  ---

  Explanation

  Create Microsoft Defender for Cloud Apps session policies Microsoft Defender for Cloud Apps session policies provide granular visibility into cloud apps with real-time, session-level monitoring. Use session policies to take various actions, depending on the policy you set for a user session. Prerequisites * A Defender for Cloud Apps license, either as a stand-alone license or as part of another license 1. A license for Microsoft Entra ID P1, either as stand-alone license or as part of another license.

  2. If you're using a non-Microsoft IdP, the license required by your identity provider (IdP) solution. automatically onboarded, while non-Microsoft IdP apps must be onboarded manually. *-> The relevant apps onboarded to Conditional Access app control. Microsoft Entra ID apps are References:

  https://learn.microsoft.com/en-us/defender-cloud-apps/session-policy-aad

• Question 184:

  HOTSPOT

  You have a Microsoft Entra tenant that contains the users shown in the following table.

  

  The tenant contains the administrative units shown in the following table.

  

  The tenant contains the groups shown in the following table.

  

  You perform the following actions:

  Assign User1 the User Administrator role for AU2. Assign User3 the Groups Administrator role for AU1. Assign User5 the Authentication Administrator role for AU3.

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

• Question 185:

  You have multiple on-premises devices that run either Windows or Linux.

  You have a Microsoft 365 E5 subscription.

  You configure Microsoft Entra Internet Access.

  You need to ensure that all the on-premises devices route internet traffic through Global Secure Access for security policy evaluation.

  What should you do in the Microsoft Entra admin center?

  A. Deploy the Global Secure Access client.
  B. Create a remote network.
  C. Create a named location.
  D. Create an access package.
  A. Deploy the Global Secure Access client.

• Question 186:

  You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

  

  You configure Microsoft Entra Internet Access.

  Which users can manage Microsoft Entra Internet Access?

  A. User1 only
  B. User2 only
  C. User3 only
  D. User1 and User2 only
  E. User1, User2, and User3
  A. User1 only

  ---

  Explanation

  Microsoft Global Secure Access built-in roles

  Global Secure Access uses Role-Based Access Control (RBAC) to effectively manage administrative access.

  Global Administrator [User1] Full access: This role grants administrators full permissions within Global Secure Access. They can manage policies, configure settings, and view logs, including Conditional Access scenarios, configurations for Private Access, write operations on application segments, and management of user assignments for traffic profiles.

  Global Secure Access Administrator

  Limited access: This role grants permissions to perform specific tasks, such as configuring remote networks, setting up security profiles, managing traffic forwarding profiles, and viewing traffic logs and alerts. However, Global Secure Access administrators can't create or manage Conditional Access policies, manage user and group assignments, or configure Microsoft 365 logging. [Not User2]

  Not User3: Privileged Role Administrator

  This is a privileged role. Users with this role can manage role assignments in Microsoft Entra ID, as well as within Microsoft Entra Privileged Identity Management. They can create and manage groups that can be assigned to Microsoft Entra roles. In addition, this role allows management of all aspects of Privileged Identity Management and administrative units.

  References:

  https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure

  https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#privileged-role-administrator

• Question 187:

  HOTSPOT

  You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

  

  You have the locations shown in the following table.

  

  The tenant contains a named location that has the following configurations: Name: Location1

  Mark as trusted location: Enabled IPv4 range: 10.10.0.0/16

  MFA has a trusted IP address range of 193.17.17.0/24.

  You have a Conditional Access policy that has the following settings: Name: CAPolicy1

  Assignments

  - Users or workload identities: Group1

  - Cloud apps or actions: All cloud apps

  Conditions

  Locations: All trusted locations Access controls

  Grant

  Grant access: Require multi-factor authentication

  - Session: 0 controls selected

  Enable policy: On

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

• Question 188:

  You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

  

  You create a dynamic user group and configure the following rule syntax.

  user.usageLocation -in ["US","AU"] -and (user.department -eq "Sales") -and -not (user.jobTitle -eq "Manager") r (user.

  jobTitle -eq "SalesRep") Which users will be added to the group?

  A. User1 only
  B. User2 only
  C. User3 only
  D. User1 and User2 only
  E. User1 and User3 only
  F. User1, User2, and User3
  D. User1 and User2 only

• Question 189:

  SIMULATION

  Use the following login credentials as needed:

  To enter your username, place your cursor in the Sign in box and click the username below.

  To enter your password, place your cursor in the Enter password box and click the password below.

  Microsoft 365 Username: [email protected]

  Microsoft 365 Password: 1122334455667788

  If the Microsoft 365 portal does not load successfully in the browser, press CTRL+K to reload the portal in a new browser tab.

  The following information is for technical support purposes only:

  Lab Instance: 99999999

  You need to ensure that when users in the sg-Operations group go to the My Apps portal, a tab named Operations appears that contains only the following applications: LinkedIn Box

  To complete this task, sign in to the appropriate admin center.

  A. See the explanation below
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the explanation below

  ---

  Explanation

  

  Deploy Conditional Access App Control for cloud apps with Microsoft Entra ID

  Access and session controls in Microsoft Defender for Cloud Apps work with applications from the Cloud App Catalog and with custom applications.

  Configure the Microsoft Entra ID integration

  Use the following steps to create a Microsoft Entra Conditional Access policy that routes app sessions to Defender for Cloud Apps.

  Step 1: In the Microsoft Entra admin center, navigate to Protection > Conditional Access.

  Step 2: Select New policy.

  Step 3: In the Name field, enter a policy name.

  Step 4: Under Assignments, select Users or workload identities, and assign the required users or groups.

  [Select sg-Operations] Step 5: Under Assignments, select Target resources, and then select the cloud apps to control.

  [Select LinkedIn and Box]

  Step 6: Under Access controls, select Session, then select Use Conditional Access App Control, and choose Use custom policy.

  Step 7: Configure the policy in Microsoft Defender for Cloud Apps as required (custom policy).

  Step 8: Set Enable policy to On, and then select Create.

  Note:

  Conditional Access App Control integrates Microsoft Entra ID with Microsoft Defender for Cloud Apps to provide real-time session monitoring and control. Only supported cloud apps (such as LinkedIn and Box) from the app catalog can be used for Conditional Access App Control.

  References:

  https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policies

• Question 190:

  You have a Microsoft 365 subscription that contains a user named User1.

  You need to ensure that User1 can create access reviews for Azure AD roles. The solution must use the principal of least privilege.

  Which role should you assign to User1?

  A. Privileged role administrator
  B. Identify Governance administrator
  C. User administrator
  D. User Access Administrate
  B. Identify Governance administrator