Microsoft SC-300 Online Practice Questions and Exam Preparation

Microsoft SC-300 Online Questions & Answers

• Question 281:

  You have a Microsoft Entra tenant.

  You need to add the Facebook social identity provider to the tenant.

  What should you do first?

  A. Add a custom domain
  B. Add a WS-Fed identity provider.
  C. Add a SAML identity provider.
  D. Set Enable guest self-service sign up via user flows to Yes.
  D. Set Enable guest self-service sign up via user flows to Yes.

  ---

  Explanation

  Add Facebook as an identity provider for External ID You can add Facebook to your self-service sign-up user flows so that users can sign in to your applications using their own Facebook accounts. To allow users to sign in using Facebook, you first need to enable self-service sign-up for your tenant. After you add Facebook as an identity provider, set up a user flow for the application and select Facebook as one of the sign-in options.

  After you add Facebook as one of your application's sign-in options, on the Sign in page, a user can enter the email they use to sign in to Facebook, or they can select Sign-in options and choose Sign in with Facebook. In either case, they're redirected to the Facebook sign in page for authentication.

  

  References:

  https://learn.microsoft.com/en-us/entra/external-id/facebook-federation

• Question 282:

  HOTSPOT

  You have an on-premises datacenter that contains the hosts shown in the following table.

  

  You have an Azure Active Directory (Azure AD) tenant that syncs to the Active Directory forest. Multi-factor authentication (MFA) is enforced for Azure AD.

  You need to ensure that you can publish App1 to Azure AD users.

  What should you configure on Server and Firewall1? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

• Question 283:

  You have a Microsoft Entra tenant.

  You need to use Microsoft Entra workbooks to monitor identity activity.

  To what should you set Destination details in the Diagnostic settings?

  A. Archive to a storage account
  B. Send to partner solution
  C. Stream to an event hub
  D. Send to Log Analytics workspace
  D. Send to Log Analytics workspace

  ---

  Explanation

  Microsoft Entra workbooks use data stored in a Log Analytics workspace, so the diagnostic logs must be sent to Log Analytics to enable workbook queries and visualizations.

• Question 284:

  You have a Microsoft Entra tenant that contains the users shown in the following table:

  

  Admin4 creates a Conditional Access policy named Policy1 by using the "Require multifactor authentication for Azure management" template.

  Which users will be required to use multi-factor authentication (MFA) the next time they sign in?

  A. Admin2 and Admin3 only
  B. Admin1 and Admin4 only
  C. Admin1, Admin2, and Admin3 only
  D. Admin1, Admin2, Admin3, and Admin4
  B. Admin1 and Admin4 only

• Question 285:

  HOTSPOT

  You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2 and the users shown in the following table.

  

  The subscription contains a Conditional Access policy that has the following settings:

  Name: Policy1

  Target resources:

  1. Include

  2. All cloud apps

  3. Access controls

  4. Grant

  5. Requite multifactor authentication

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

• Question 286:

  You need to locate licenses to the A. Datum users. The solution must need the technical requirements.

  Which type of object should you create?

  A. A Dynamic User security group
  B. An OU
  C. A distribution group
  D. An administrative unit
  A. A Dynamic User security group

• Question 287:

  SIMULATION

  You need to ensure that when users in the Sg-Operations group go to the My Apps portal a tab named Operations appears that contains only the following applications:

  1. Unkedln

  2. Box

  A. See the Explanation Below
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the Explanation Below

  ---

  Explanation

  To ensure that users in the Sg-Operations group see a tab named "Operations" containing only LinkedIn and Box applications in the My Apps portal, you can create a collection with these specific applications. Here's how to do it:

  1. Sign in to the Microsoft Entra admin center:

  2. uk.co.certification.simulator.questionpool.PList@552a66a9

  3. Navigate to App launchers:

  4. Create a new collection:

  5. Add applications to the collection:

  6. Assign the collection to the Sg-Operations group:

  7. Review and create the collection:

  By following these steps, when users in the Sg-Operations group visit the My Apps portal, they will see a new tab named "Operations" that contains only the LinkedIn and Box applications 1.

  Please note that to create collections on the My Apps portal, you need a Microsoft Entra ID P1 or P2 license 1.

• Question 288:

  You have an Azure subscription, a Google Cloud Platform (GCP) account, and an Amazon Web Services (AWS) account.

  You need to recommend a solution to assess the risks associated with privilege assignments across all the platforms. The solution must minimize administrative effort.

  What should you include in the recommendation?

  A. Microsoft Sentinel
  B. Microsoft Entra ID Protection
  C. Microsoft Defender for Cloud Apps
  D. Microsoft Entra Permissions Management
  D. Microsoft Entra Permissions Management

• Question 289:

  You have a Microsoft Entra tenant that contains the external user shown in the following exhibit.

  

  You update the email address of the user.

  You need to ensure that the user can authenticate by using the updated email address.

  What should you do for the user?

  A. Modify the Authentication methods settings.
  B. Reset the password.
  C. Revoke the active sessions.
  D. Reset the redemption status.
  D. Reset the redemption status.

  ---

  Explanation

  Properties of a Microsoft Entra B2B collaboration user

  Invitation redemption Now, let's see what a Microsoft Entra B2B collaboration user looks like in Microsoft Entra External ID.

  Before invitation redemption B2B collaboration user accounts are the result of inviting guest users to collaborate by using the guest users' own credentials. When the invitation is initially sent to the guest user, an account is created in your tenant. This account doesn't have any credentials associated with it because authentication is performed by the guest user's identity provider. The Identities property for the guest user account in your directory is set to the host's organization domain until the guest redeems their invitation. The user sending the invitation is added as a default value for the Sponsor (preview) attribute on the guest user account. In the portal, the invited user's profile will show an External user state of PendingAcceptance. Querying for externalUserState using the Microsoft Graph API will return Pending Acceptance.

  

  After invitation redemption After the B2B collaboration user accepts the invitation, the Identities property is updated based on the user's identity provider.

  If the B2B collaboration user is using a Microsoft account or credentials from another external identity provider, Identities reflects the identity provider, for example Microsoft Account, google.com, or facebook.com.

  References:

  https://learn.microsoft.com/en-us/entra/external-id/user-properties

• Question 290:

  HOTSPOT

  Your on-premises network contains an Active Directory domain that uses Azure AD Connect to sync with an Azure AD tenant.

  You need to configure Azure AD Connect to meet the following requirements:

  1. User sign-ins to Azure AD must be authenticated by an Active Directory domain controller.

  2. Active Directory domain users must be able to use Azure AD self-service password reset (SSPR).

  What should you use for each requirement? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.