Microsoft SC-300 Online Practice Questions and Exam Preparation

Microsoft SC-300 Online Questions & Answers

• Question 261:

  HOTSPOT

  You have a Microsoft Entra tenant that contains an administrative unit named AU1. AU1 is configured for assigned membership.

  The tenant contains the users shown in the following table.

  

  For AU1, you update the following configurations:

  1. Membership type: Dynamic User

  2. Dynamic membership rule: (user.department -eq";h";)

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  

  

• Question 262:

  Your company has a Microsoft 365 tenant.

  The company has a call center that contains 300 users. In the call center, the users share desktop computers and might use a different computer every day. The call center computers are NOT configured for biometric identification.

  The users are prohibited from having a mobile phone in the call center.

  You need to require multi-factor authentication (MFA) for the call center users when they access Microsoft 365 services.

  What should you include in the solution?

  A. a named network location
  B. the Microsoft Authenticator app
  C. Windows Hello for Business authentication
  D. FIDO2 tokens
  D. FIDO2 tokens

  ---

  Explanation

  https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless

• Question 263:

  You have a Microsoft Entra tenant named contoso.com that has Microsoft Entra ID Protection policies enforced.

  You create a Microsoft Sentinel workspace and configure the Microsoft Entra ID data connector.

  You need to ensure that Microsoft Sentinel can generate incidents based on the risk detections raised by Microsoft Entra ID Protection.

  What should you do first?

  A. Add a Microsoft Sentinel data connector.
  B. Configure the notification settings in Microsoft Entra ID Protection.
  C. Create a Microsoft Sentinel playbook.
  D. Configure the diagnostic settings in Microsoft Entra ID.
  A. Add a Microsoft Sentinel data connector.

  ---

  Explanation

  References:

  https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-ad-identity-protection

• Question 264:

  HOTSPOT

  Your company has a Microsoft 365 tenant.

  All users have computers that run Windows 10 and are joined to the Azure Active Directory (Azure AD) tenant.

  The company subscribes to a third-party cloud service named Service1. Service1 supports Azure AD authentication and authorization based on OAuth. Service1 is published to the Azure AD gallery.

  You need to recommend a solution to ensure that the users can connect to Service1 without being prompted for authentication. The solution must ensure that the users can access Service1 only from Azure AD-joined computers. The solution must minimize administrative effort.

  What should you recommend for each requirement? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added

  https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/require-managed-devices

• Question 265:

  You have a Microsoft Entra tenant that contains a terms of use (ToU) named Terms1.

  You create a Conditional Access policy named Policy1 to deploy Terms1.

  You need to configure Policy1 to require users to accept Terms1.

  Which settings should you configure for Policy1?

  A. Conditions
  B. Session
  C. Grant
  D. Target resources
  B. Session

• Question 266:

  SIMULATION

  You need to add the Linkedln application as a resource to the Sales and Marketing access package. The solution must NOT remove any other resources from the access package.

  A. See the Explanation Below
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the Explanation Below

  ---

  Explanation

  To add the LinkedIn application as a resource to the Sales and Marketing access package without removing any other resources, you can follow these steps:

  1. Sign in to the Microsoft Entra admin center:

  2. uk.co.certification.simulator.questionpool.PList@76155049

  3. Navigate to Entitlement Management:

  4. Select the Sales and Marketing access package:

  5. Add a new resource:

  6. Configure the resource role:

  7. Review and update the access package:

  8. Save the changes:

  9. Communicate the update:

  By following these steps, you will successfully add the LinkedIn application to the Sales and Marketing access package without affecting the other resources.

• Question 267:

  Your company purchases 2 new Microsoft 365 ES subscription and an app named App.

  You need to create a Microsoft Defender for Cloud Apps access policy for App1.

  What should you do you first? (Choose Correct Answer based on Microsoft Identity and Access Administrator at microsoft.com)

  A. Configure a Token configuration for App1.
  B. Add an API permission for App.
  C. Configure a Conditional Access policy to use app-enforced restrictions.
  D. Configure a Conditional Access policy to use Conditional Access App Control.
  D. Configure a Conditional Access policy to use Conditional Access App Control.

  ---

  Explanation

  https://learn.microsoft.com/en-us/defender-cloud-apps/access-policy-aadTocreateaMicrosoftDefenderforCloudAppsaccesspolicyforApp1,youshouldconfigureaConditionalAccesspolicytouseapp-enforcedrestrictions.Thiswillallowyoutocontrolaccesstoyourcloudappsbasedonconditionssuchasuser,device,location,andappstate.Youcanalsouseapp-enforcedrestrictionstocontrolaccesstoyourcloudappsbasedonthestateoftheapp,suchaswhetherit'srunningonamanagedorunmanageddevice.

• Question 268:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account.

  You deploy an Azure subscription and enable Microsoft 365 Defender.

  You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps.

  Solution: From the Microsoft 365 Defender portal, you add the Amazon Web Services app connector.

  Does this meet the goal?

  A. Yes
  B. No
  B. No

• Question 269:

  HOTSPOT

  You have an Azure subscription named Sub1.

  You plan to use Microsoft Entra Permissions Management to manage Sub1.

  You need to ensure that Permissions Management can perform the following tasks:

  1. Identify unused permissions assigned to applications and managed identities.

  2. Provide users with recommendations about which permissions to remove.

  3. Remove unused permissions.

  The solution must follow the principle of least privilege.

  Which role should you assign to the service principal of Permissions Management, and what should you use to provide recommendations and remove unused permissions? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Access Review Operator Service Role

  Access Review Operator Service Role: Let you grant Access Review System app permissions to discover and revoke access as needed by the access review process.

  Note:

  Only users with Administrator permissions can view and make changes on the Autopilot tab. Not need here.

  To create access reviews for Azure resources, you must be assigned to the Owner or the User Access Administrator role for the Azure resources. But his is not need here.

  Incorrect:

  1. Reader Would not be able to remove unused permissions.

  2. Owner Too powerful.

  3. User Access Administrator Box 2: An Autopilot rule

  Use The Autopilot dashboard in Permissions Management provides a table of information about Autopilot rules for administrators. Creating Autopilot rules allows you to automate right-sizing policies so you can automatically remove unused roles and permissions assigned to identities in your authorization system. rule notification settings, and more. From the Autopilot dashboard, you can view information on all current rules, including names, rule type, References:

  https://learn.microsoft.com/en-us/entra/permissions-management/how-to-create-rule

  https://www.azadvertizer.net/azrolesadvertizer/76cc9ee4-d5d3-4a45-a930-26add3d73475.html

• Question 270:

  You have an Azure AD tenant.

  You deploy a new enterprise application named App1.

  When users attempt to provide App1 with access to the tenant, the attempt fails.

  You need to ensure that the users can request admin consent for App1. The solution must follow the principle of least privilege.

  What should you do first?

  A. Enable admin consent requests for the tenant.
  B. Designate a reviewer of admin consent requests for the tenant.
  C. From the Permissions settings of App1, grant App1 admin consent for the tenant
  D. Create a Conditional Access policy for App1.
  A. Enable admin consent requests for the tenant.