Microsoft SC-300 Online Practice Questions and Exam Preparation

Microsoft SC-300 Online Questions & Answers

• Question 301:

  HOTSPOT

  You have two Azure subscriptions named Sub1 and Sub2 that are linked to a Microsoft Entra tenant. The tenant contains three groups named Group1, Group2, and Group3.

  The subscriptions contain the resources shown in the following table.

  

  The tenant contains the users shown in the following table.

  

  You manage the subscriptions by using Microsoft Entra Permissions Management. Permissions Management is configured as shown in the following table.

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: No

  User1 is member of Group1. Group1 has the Viewer role in Sub1. VM2 is in Sub2 though.

  Box 2: Yes

  User2 is member of Group2 and Group3. Group2 has the Controller role in Sub2, and can requestor for Other identities for User1. Automation1 is an Azure Automation account in Sub2.

  Note: Use the controller's role-based access control (RBAC) to delegate the minimum level of privileges required to run automation.

  Box 3: Yes

  User3 is member of Group3. Group3 has the Approver role for All Current and Future.

  Note:

  What is the role of approver in Microsoft? The Project Approver Admin security role allows users to bypass policies and allows for the approval of entries across all projects. Assignment of this role will bypass the validation logic that requires team membership and being marked as an approver.

  For access to all authorization system types, select All (Current and Future).

  References:

  https://docs.ansible.com/automation-controller/latest/html/administration/security_best_practices.html

  https://learn.microsoft.com/en-us/dynamics365/project-operations/approvals/approvals-security

  https://learn.microsoft.com/en-us/entra/permissions-management/product-define-permission-levels

• Question 302:

  You have a Microsoft Entra tenant that uses Microsoft Entra ID Premium licenses.

  You plan to configure a terms of use (ToU) for the tenant.

  You need to upload the ToU document.

  Which format should you use for the document?

  A. HTML
  B. RTF
  C. PDF
  D. DOCX
  C. PDF

• Question 303:

  SIMULATION

  Use the following login credentials as needed:

  To enter your username, place your cursor in the Sign in box and click the username below.

  To enter your password, place your cursor in the Enter password box and click the password below.

  Microsoft 365 Username: [email protected]

  Microsoft 365 Password: 1122334455667788

  If the Microsoft 365 portal does not load successfully in the browser, press CTRL+K to reload the portal in a new browser tab.

  The following information is for technical support purposes only:

  Lab Instance: 99999999

  You need to configure consent for applications that require access to data in the Microsoft 365 subscription. The solution must meet the following requirements:

  1. Users must not be able to grant consent to applications.

  2. Users must be able to request administrator approval for applications.

  3. Allan Deyoung must be able to review consent requests.

  To complete this task, sign in to the appropriate admin center.

  A. See the explanation below
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the explanation below

  ---

  Explanation

  

  Before an application can access your organization's data, consent must be granted for the required permissions.

  Part 1: Prevent users from granting consent and allow them to request admin approval

  Step 1: Sign in to the Microsoft Entra admin center as a Global Administrator.

  Step 2: Navigate to Identity > Applications > Enterprise applications > Consent and permissions > User consent settings.

  Step 3: Under User consent for applications, select Do not allow user consent.

  Step 4: Select Save.

  Part 2: Enable admin consent workflow and assign reviewer

  Step 1: In the Microsoft Entra admin center, navigate to Identity > Applications > Enterprise applications > Consent and permissions > Admin consent settings.

  Step 2: Under Admin consent requests, set Users can request admin consent to apps they are unable to consent to to Yes.

  Step 3: Under Reviewers, add Allan Deyoung.

  Step 4: Select Save.

  References:

  https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-user-consent

  https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-admin-consent-workflow

• Question 304:

  You create a new Microsoft 365 E5 tenant.

  You need to ensure that when users connect to the Microsoft 365 portal from an anonymous IP address, they are prompted to use multi-factor authentication (MFA).

  What should you configure?

  A. a sign-in risk policy
  B. a user risk policy
  C. an MFA registration policy
  A. a sign-in risk policy

• Question 305:

  You have a Microsoft 365 E5 subscription.

  You create an access review named Review1. Review1 requires that every six months, Microsoft 365 group owners review guest user access to their groups.

  You need to ensure that if the group owners fail to review the membership of Review1, guest users are removed automatically.

  Which settings should you configure for Review1?

  A. Scheduling
  B. When completed
  C. General
  D. Reviewers
  B. When completed

• Question 306:

  HOTSPOT

  You have a Microsoft 365 E5 subscription that contains a user named User1.

  You configure app governance integration.

  User1 needs to view the App governance dashboard. The solution must use the principle of the least privilege.

  Which role should you assign to User1, and which portal should User1 use to view the dashboard? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Application Administrator

  One of the following administrator roles is required to see app governance pages or manage policies and settings:

  Application Administrator Cloud Application Administrator Company or Global Administrator Compliance Administrator Compliance Data Administrator Global Reader Security Administrator Security Operator Security Reader (read-only)

  Box 2: Microsoft 365 Defender portal

  View the App governance > Overview tab in the Microsoft 365 Defender portal.

  References:

  https://learn.microsoft.com/en-us/defender-cloud-apps/app-governance-get-started

• Question 307:

  You have a Microsoft Entra tenant.

  You need to configure protected actions to require privileged users to use phishing-resistant multifactor authentication (MFA).

  What should you do first?

  A. Create an access package.
  B. Configure an authentication strength for the tenant.
  C. Add an authentication context.
  D. Create a Conditional Access policy.
  C. Add an authentication context.

  ---

  Explanation

  Protected actions are enforced through Conditional Access by associating specific high-impact permissions with an authentication context. The authentication context is the "tag" that Conditional Access can target for step-up requirements.

  You must create this authentication context first because it becomes the linkage point used later to bind the selected protected permissions to that context and build a Conditional Access policy that targets the context and requires a phishing-resistant authentication requirement (for example, the built-in Phishing-resistant MFA authentication strength). Without an authentication context in place, there's nothing to attach protected actions to and nothing specific for a Conditional Access policy to scope to for those protected permissions.

• Question 308:

  You have a Microsoft Entra tenant.

  You open the risk detections report.

  Which risk detection type is classified as a user risk?

  A. password spray
  B. anonymous IP address
  C. unfamiliar sign-in properties
  D. Microsoft Entra threat intelligence
  D. Microsoft Entra threat intelligence

• Question 309:

  HOTSPOT

  You implement the planned changes for SSPR.

  What occurs when User3 attempts to use SSPR? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

• Question 310:

  You have an Azure subscription that contains the users shown in the following table.

  

  You need to implement Azure AD Privileged Identity Management (PIM).

  Which users can use PIM to activate their role permissions?

  A. Admin1 only
  B. Admin2 only
  C. Admin3 only
  D. Admin1 and Admin2 only
  E. Admin2 and Admin3 only
  F. Admin1, Admin2, and Admin3
  D. Admin1 and Admin2 only