Microsoft SC-300 Online Practice Questions and Exam Preparation

Microsoft SC-300 Online Questions & Answers

• Question 191:

  You have an Azure AD tenant that contains two users named User1 and User2.

  You plan to perform the following actions:

  1. Create a group named Group1.

  2. Add User1 and User2 to Group1.

  3. Assign Azure AD roles to Group1.

  You need to create Group1.

  Which two settings can you use? Each correct answer presents a complete solution.

  NOTE: Each correct selection is worth one point.

  A. Group type: Microsoft 365 - Membership type: Assigned
  B. Group type: Security - Membership type: Assigned
  C. Group type: Security - Membership type: Dynamic User
  D. Group type: Microsoft 365 - Membership type: Dynamic User
  E. Group type: Security - Membership type: Dynamic Device
  A. Group type: Microsoft 365 - Membership type: Assigned
  B. Group type: Security - Membership type: Assigned

• Question 192:

  HOTSPOT

  You have a Microsoft Entra tenant that contains the users shown in the following table.

  

  The tenant contains the identities shown in the following table.

  

  Which users can create custom security attributes, and to which identities can the attributes be assigned?

  To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

  

  

• Question 193:

  You have a Microsoft Entra tenant.

  You need to ensure that only specific domains can be invited as guests.

  What should you configure?

  A. Cross-tenant access settings
  B. External collaboration settings
  C. Conditional Access
  D. Identity Protection
  B. External collaboration settings

  ---

  Explanation

  External collaboration settings allow you to restrict invitations to specific domains.

• Question 194:

  DRAG DROP

  You have a Microsoft 365 E5 subscription.

  You need to perform the following tasks:

  1. Identify the locations and IP addresses used by Azure AD users to sign in.

  2. Review the Azure AD security settings and identify improvement recommendations.

  3. Identify changes to Azure AD users or service principals.

  What should you use for each task? To answer, drag the appropriate resources to the correct requirements. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  

• Question 195:

  You have 2,500 users who are assigned Microsoft 365 E3 licenses.

  The licenses are assigned to individual

  You assign Microsoft 365 E5 licenses to a group that includes all users.

  You need to remove the Microsoft 365 E3 licenses from the users by using the least amount of administrative effort.

  What should you use?

  A. the Update-MgGroup cmdlet
  B. the Set-WindowsProductKey cmdlet
  C. the Set-MgUserLicense cmdlet
  D. the Licenses blade in the Microsoft Entra admin center
  D. the Licenses blade in the Microsoft Entra admin center

  ---

  Explanation

  The Licenses blade in the Microsoft Entra admin center lets you manage and remove direct (per-user) license assignments in bulk with minimal effort, which is the quickest way to strip the individually assigned Microsoft 365 E3 licenses after moving users to group-based E5 licensing.

• Question 196:

  You have an Azure subscription that contains a storage account named storage1 and a web app named WebApp1. WebApp1 uses a system-assigned managed identity.

  You need to ensure that WebApp1 can read and write files to storage1 by using the system-assigned managed identity.

  What should you configure for storage1 in the Azure portal?

  A. data protection
  B. a shared access signature (SAS)
  C. the Access control (IAM) settings
  D. the File share settings
  E. access keys
  C. the Access control (IAM) settings

  ---

  Explanation

  Grant access to the storage account

  You need to grant your web app access to the storage account before you can create, read, or delete blobs. In a previous step, you configured the web app running on App Service with a managed identity. Using Azure RBAC, you can give the managed identity access to another resource, just like any security principal. The Storage Blob Data Contributor role gives the web app (represented by the system-assigned managed identity) read, write, and delete access to the blob container and data.

  In the Azure portal, go into your storage account to grant your web app access. Select *Access control (IAM)* in the left pane, and then select Role assignments. You'll see a list of who has access to the storage account. Now you want to add a role assignment to a robot, the app service that needs access to the storage account. Select Add > Add role assignment to open the Add role assignment page.

  References:

  https://learn.microsoft.com/en-us/azure/app-service/scenario-secure-app-access-storage

• Question 197:

  HOTSPOT

  You have two Microsoft Entra tenants named contoso.com and fabhkam.com.

  Contoso.com contains the users shown in the following table.

  

  Contoso.com contains the groups shown in the following table.

  

  You configure cross-tenant synchronization from contoso.com to fabrikam.com and enable cross-tenant synchronization for User3 and Group2.

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

• Question 198:

  You have an Azure Active Directory (Azure AD) tenant.

  For the tenant. Users can register applications Is set to No.

  A user named Admin1 must deploy a new cloud app named App1.

  You need to ensure that Admin1 can register App1 in Azure AD. The solution must use the principle of least privilege.

  Which role should you assign to Admin1?

  A. Application developer in Azure AD
  B. App Configuration Data Owner for Subscription1
  C. Managed Application Contributor for Subscription1
  D. Cloud application administrator in Azure AD
  A. Application developer in Azure AD

  ---

  Explanation

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/roles/delegate-app-roles

• Question 199:

  You have an Azure subscription. The subscription contains a virtual machine named VM1 that runs Linux.

  You need to configure enhanced security for VM1.

  The solution must meet the following requirements:

  1. Ensure that users can sign in to VM1 by using their Microsoft Entra credentials

  2. Ensure That users authenticate by using multi-factor out-of-band

  3. Prevent users from signing in to VM1 by using passwords.

  Which two authentication methods can you include in the solution? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

  A. the Microsoft Authenticator app
  B. Windows Hello for Business
  C. Passkey(FID02)
  D. Temporary Access Pass
  E. SMS
  A. the Microsoft Authenticator app
  D. Temporary Access Pass

• Question 200:

  HOTSPOT

  Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant.

  The tenant contains the groups shown in the following table.

  

  The tenant contains the users shown in the following table.

  

  You create an access review as shown in the following table.

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  User1's membership cannot be managed since he is a member of a nested group. User2's membership cannot be managed since he is a part of Group2 which is an AD group (not AAD). User3 is not the member of Group2.