Microsoft SC-300 Online Practice Questions and Exam Preparation

Microsoft SC-300 Online Questions & Answers

• Question 311:

  HOTSPOT

  You have a Microsoft Entra tenant named contoso.com that has cross-tenant access configured as shown in the following table.

  

  You have two partner organizations named Fabrikam, Inc. and

  A. Datum Corporation. Fabrikam has a Microsoft 365 domain named fabrikam.com.

  A. Datum has a Microsoft 365 domain named adatum.com.

  You configure cross-tenant access for fabrikam.com as shown in the following table.

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: A user in contoso.com can send a guest invitation to a user that has an email address of [email protected] No

  All outbound B2B collaboration settings are blocked.

  Note: To send a guest invitation in Microsoft 365, you need to configure both inbound and outbound cross-tenant access settings for B2B collaboration. This involves specifying which external organizations are allowed to invite users to your tenant (inbound) and which organizations your users can invite (outbound)

  Inbound Access (Allowing Others to Invite Your Users as Guests) Outbound Access (Allowing Your Users to Invite Guests)

  Box 2: A user in contoso.com can send a guest invitation to a user that has an email address of [email protected] No

  All outbound B2B collaboration settings are blocked.

  Box 3: A user in contoso.com can accept a guest invitation from a user that has an email address of [email protected] Yes

  All inbound B2B collaboration settings are allowed.

  References:

  https://learn.microsoft.com/en-us/entra/external-id/external-collaboration-settings-configure

• Question 312:

  You have two Microsoft Entra tenants named contoso.com and fabrikam.com. Contoso.com contains the identities shown in the following table.

  

  You configure cross-tenant synchronization from contoso.com to fabrikam.com.

  Which identities will sync with fabrikam.com?

  A. User1 only
  B. User1 and Group1 only
  C. User1 and Group2 only
  D. User1, Group1, and Group2
  A. User1 only

• Question 313:

  You have an Azure Active Directory (Azure AD) tenant that contains the following objects:

  1. A device named Device1

  2. Users named User1, User2, User3, User4, and User5

  3. Groups named Group1, Group2, Group3, Group4, and Group5

  The groups are configured as shown in the following table.

  

  To which groups can you assign a Microsoft Office 365 Enterprise E5 license directly?

  A. Group1 and Group4 only
  B. Group1, Group2, Group3, Group4, and Group5
  C. Group1 and Group2 only
  D. Group1 only
  E. Group1, Group2, Group4, and Group5 only
  B. Group1, Group2, Group3, Group4, and Group5

  ---

  Explanation

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-group-advanced

• Question 314:

  SIMULATION

  Use the following login credentials as needed:

  To enter your username, place your cursor in the Sign in box and click the username below.

  To enter your password, place your cursor in the Enter password box and click the password below.

  Microsoft 365 Username: [email protected]

  Microsoft 365 Password: 1122334455667788

  If the Microsoft 365 portal does not load successfully in the browser, press CTRL+K to reload the portal in a new browser tab.

  The following information is for technical support purposes only:

  Lab Instance: 99999999

  You need to create a group named Audit. The solution must ensure that the members of Audit can activate the Security Reader role.

  To complete this task, sign in to the appropriate admin center.

  A. See the explanation below
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the explanation below

  ---

  Explanation

  

  Create a role-assignable group in Microsoft Entra ID

  Step 1: Sign in to the Microsoft Entra admin center as at least a Privileged Role Administrator.

  Step 2: Browse to Identity > Groups > All groups.

  Step 3: Select New group.

  Step 4: On the New Group page, provide group type, name [Enter Audit] and description.

  Step 5: Set Microsoft Entra roles can be assigned to the group to Yes.

  Step 6: Select the members and owners for the group. [Skip]

  Step 7: Add role: Click No Roles select and select the Security Reader role.

  Step 8: Select Create.

  References:

  https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/groups-create-eligible

• Question 315:

  You have an Azure subscription.

  You need to use Microsoft Entra Permissions Management to automatically monitor permissions and create and implement right-size roles. The solution must follow the principle of least privilege.

  Which role should you assign to the service principal of Permissions Management?

  A. User Access Administrator
  B. Contributor
  C. Reader
  D. Owner
  B. Contributor

• Question 316:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant.

  You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.

  You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.

  Solution: You configure Azure AD Password Protection.

  Does this meet the goal?

  A. Yes
  B. No
  B. No

• Question 317:

  HOTSPOT

  A user named User1 attempts to sign in to the tenant by entering the following incorrect passwords:

  1. Pa55w0rd12

  2. Pa55w0rd12

  3. Pa55w0rd12

  4. Pa55w.rd12

  5. Pa55w.rd123

  6. Pa55w.rd123

  7. Pa55w.rd123

  8. Pa55word12

  9. Pa55word12

  10. Pa55word12

  11. Pa55w.rd12

  You need to identify how many sign-in attempts were tracked for User1, and how User1 can unlock her account before the 300-second lockout duration expires.

  What should identify? To answer, select the appropriate

  NOTE: Each correct selection is worth one point.

  

  

  ---

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment

• Question 318:

  You have a Microsoft Entra tenant that has a Microsoft Entra ID P2 license.

  You create a Log Analytics workspace.

  You need to ensure that you can view Azure AD audit log information by using Azure Monitor.

  What should you do first?

  A. Modify the Diagnostics settings for Azure AD.
  B. Run the Update-MgOrganization cmdlet.
  C. Run the Update-MgDomain cmdlet.
  D. Create an Azure AD workbook.
  A. Modify the Diagnostics settings for Azure AD.

  ---

  Explanation

  Integrate Azure AD logs with Azure Monitor logs Using Diagnostic settings in Azure Active Directory (Azure AD), you can integrate logs with Azure Monitor so your sign-in activity and the audit trail of changes within your tenant can be analyzed along with other Azure data.

  References:

  https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-azure-monitor-logs

• Question 319:

  HOTSPOT

  Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant. The AD DS domain contains the organizational units (OUs) shown in the following table.

  

  You need to create a break-glass account named BreakGlass.

  Where should you create BreakGlass, and which role should you assign to BreakGlass? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  https://learn.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access#how-to-create-an-emergency-access-account

• Question 320:

  You have a Microsoft Entra tenant that uses self-service password reset (SSPR).

  You need to ensure that administrators must use two authentication methods when resetting their passwords.

  What should you do?

  A. Modify the SSPR registration policy
  B. Configure Identity Protection
  C. Use the default administrator reset policy
  D. Enable password writeback
  C. Use the default administrator reset policy

  ---

  Explanation

  Administrator accounts are automatically subject to a stronger two-gate reset policy by default. This requirement cannot be changed and ensures higher security.