Microsoft SC-300 Online Practice Questions and Exam Preparation

Microsoft SC-300 Online Questions & Answers

• Question 221:

  DRAG DROP

  You have an on-premises Microsoft Exchange organization that uses an SMTP address space of contoso.com.

  You discover that users use their email address for self-service sign-up to Microsoft 365 services.

  You need to gain global administrator privileges to the Azure Active Directory (Azure AD) tenant that contains the self-signed users.

  Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

  Select and Place:

  

  

• Question 222:

  You have a Microsoft Entra tenant.

  You need to implement smart lockout with a lockout threshold of 10 failed sign-ins.

  What should you configure in the Microsoft Entra admin center?

  A. User risk policy
  B. Password protection
  C. Authentication strengths
  D. Sign-in risk policy
  B. Password protection

• Question 223:

  You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.

  You need to identify which users access Facebook from their devices and browsers. The solution must minimize administrative effort.

  What should you do first?

  A. From the Microsoft Defender for Cloud Apps portal, unsanctioned Facebook.
  B. Create an app configuration policy in Microsoft Endpoint Manager.
  C. Create a Defender for Cloud Apps access policy.
  D. Create a Conditional Access policy.
  C. Create a Defender for Cloud Apps access policy.

• Question 224:

  HOTSPOT

  You have an Azure subscription that contains the resources shown in the following table.

  

  You need to configure access to Vault1. The solution must meet the following requirements:

  1. Ensure that User1 can manage and create keys in Vault1.

  2. Ensure that User2 can access a certificate stored in Vault1.

  3. Use the principle of least privilege.

  Which role should you assign to each user? To answer select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

• Question 225:

  You need to modify the settings of the User administrator role to meet the technical requirements.

  Which two actions should you perform for the role? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. Select Require justification on activation.
  B. Set all assignments to Active.
  C. Set all assignments to Eligible.
  D. Modify the Expire eligible assignments after setting.
  E. Select Require ticket information on activation.
  A. Select Require justification on activation.
  C. Set all assignments to Eligible.

• Question 226:

  SIMULATION

  You need to assign a Windows 10/11 Enterprise E3 license to the Sg-Retail group.

  A. See the Explanation Below
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the Explanation Below

  ---

  Explanation

  To assign a Windows 10/11 Enterprise E3 license to the Sg-Retail group, you can follow these steps:

  1. Sign in to the Microsoft Entra admin center:

  2. uk.co.certification.simulator.questionpool.PList@10b7708e 3. Navigate to the licensing page:

  4. Find the Windows 10/11 Enterprise E3 license:

  5. Assign licenses to the group:

  6. Review and confirm the assignment:

  7. Monitor the license status:

  By following these steps, the Sg-Retail group should now have the Windows 10/11 Enterprise E3 licenses assigned to them.

• Question 227:

  A user named User1 receives an error message when attempting to access the Microsoft Defender for Cloud Apps portal.

  You need to identify the cause of the error. The solution must minimize administrative effort.

  What should you use?

  A. Log Analytics
  B. sign-in logs
  C. audit logs
  D. provisioning logs
  B. sign-in logs

• Question 228:

  You have an Azure Active Directory (Azure AD) tenant named contoso.com.

  All users who run applications registered in Azure AD are subject to conditional access policies.

  You need to prevent the users from using legacy authentication.

  What should you include in the conditional access policies to filter out legacy authentication attempts?

  A. a cloud apps or actions condition
  B. a user risk condition
  C. a client apps condition
  D. a sign-in risk condition
  C. a client apps condition

  ---

  Explanation

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication

• Question 229:

  HOTSPOT

  How should the access be setup to the on-premises applications?

  

  

  ---

  Box 1: Server2

  Incorrect:

  Not Server1: If you've deployed Azure AD Password Protection Proxy, do not install Azure AD Application Proxy and Azure AD Password Protection Proxy together on the same machine. Azure AD Application Proxy and Azure AD Password Protection Proxy install different versions of the Azure AD Connect Agent Updater service. These different versions are incompatible when installed together on the same machine.

  Server1 runs the Azure AD Application Proxy connector.

  To use Application Proxy, you need a Windows Server running Windows Server 2012 R2 or later. You'll install the Application Proxy connector on the server. This connector server needs to connect to the Application Proxy services in Azure, and the on-premises applications that you plan to publish.

  Scenario: Requirements. Authentication requirements include: Enforce MFA when accessing on-premises applications.

  Existing environment. On-premises environment: The on-premises network contains the servers shown in the following table.

  Existing environment. Identity environment:

  The network contains an Active Directory forest named litware.com that is linked to a Microsoft Entra ID tenant named litware.com. Microsoft Entra Connect uses pass-through authentication and has password hash synchronization disabled.

  Litware.com contains a user named User1 who oversees all application development.

  Box 2: DC1

  The Azure AD Password Protection proxy service is typically installed on a member server in your on-premises AD DS environment. Once installed, the Azure AD Password Protection proxy service communicates with Microsoft Entra ID to maintain a copy of the global and customer banned password lists for your tenant.

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-deploy

  https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-add-on-premises-application

  Plan and implement workload identities

• Question 230:

  You have an Azure subscription named Sub1 that contains a virtual machine named VM1.

  You need to enable Microsoft Entra login for VM1 and configure VM1 to access the resources in Sub1.

  Which type of identity should you assign to VM1?

  A. system-assigned managed identity
  B. Azure Automation account
  C. Microsoft Entra user account
  D. user-assigned managed identity
  A. system-assigned managed identity

  ---

  Explanation

  You can configure managed identities for Azure resources on a VM. You can enable and disable system and user-assigned managed identities for an Azure Virtual Machine (VM).

  Note: Managed identity types There are two types of managed identities:

  System-assigned. Some Azure resources, such as virtual machines allow you to enable a managed identity directly on the resource.

  User-assigned. You may also create a managed identity as a standalone Azure resource. You can create a user-assigned managed identity and assign it to one or more Azure Resources.

  References:

  https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/qs-configure-portal-

  https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview