Microsoft SC-300 Online Practice Questions and Exam Preparation

Microsoft SC-300 Online Questions & Answers

• Question 331:

  You have an Azure subscription that contains a storage account named storage1.

  You plan to deploy an app named App1 that will be hosted on multiple virtual machines.

  The virtual machines will authenticate to a Third-party API by using secrets.

  You need to recommend an authentication solution for the virtual machines.

  The solution must meet the following requirements

  1. Securely store secrets.

  2. Ensure that credentials do NOT need to be stored in the App1 code.

  3. Ensure that the virtual machines can access Azure resources by using Microsoft Entra authentication.

  4. Minimize administrative effort.

  What should you include in the recommendation?

  A. user accounts and Storage Service Encryption
  B. user accounts and Azure Key Vault
  C. user-assigned managed identities and Azure Key Vault
  D. system-assigned managed identities and Storage Service Encryption
  C. user-assigned managed identities and Azure Key Vault

• Question 332:

  You have a Microsoft 365 subscription.

  You need to create a Conditional Access policy that will use a Global Secure Access security profile. The solution must ensure that users are prevented from accessing websites that include the word gambling in the URL.

  What should you do first?

  A. Create a web content filtering policy.
  B. Create a named location.
  C. Configure the Adaptive Access settings.
  D. Create a network security group (NSG).
  A. Create a web content filtering policy.

  ---

  Explanation

  Configure Global Secure Access web content filtering Web content filtering empowers you to implement granular Internet access controls for your organization based on website categorization.

  Microsoft Entra Internet Access's first Secure Web Gateway (SWG) features include web content filtering based on domain names. Microsoft integrates granular filtering policies with Microsoft Entra ID and Microsoft Entra Conditional Access, which results in filtering policies that are user-aware, context-aware, and easy to manage.

  References:

  https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-configure-web-content-filtering

• Question 333:

  HOTSPOT

  You have an Azure AD tenant that contains multiple storage accounts.

  You plan to deploy multiple Azure App Service apps that will require access to the storage accounts.

  You need to recommend an identity solution to provide the apps with access to the storage accounts. The solution must minimize administrative effort.

  Which type of identity should you recommend, and what should you recommend using to control access to the storage accounts? To answer, select the appropriate options in the answer area.

  

  

• Question 334:

  You have a Microsoft 365 subscription.

  You need to ensure that when users access the Microsoft 365 portal from Microsoft Edge and have their browser language set to Spanish, they are presented with a Spanish sign-in form.

  What should you do in the Microsoft Entra admin center?

  A. From Settings for the users, configure the Usage location setting.
  B. From Global Secure Access, configure the Session management settings.
  C. Configure the Company branding settings.
  D. Create a Conditional Access policy.
  C. Configure the Company branding settings.

  ---

  Explanation

  Configure your company branding

  Language customization Customize the sign-in experience based on browser language when users authenticate into your corporate intranet or web-based applications.

  Customize the sign-in experience by browser language You can create a personalized sign-in experience for users who sign in using a specific browser language by customizing the branding elements for that browser language. This customization overrides any configurations made to the default branding. If you don't make any changes to the elements, the default elements are displayed.

  1. Sign in to the Microsoft Entra admin center as an Organizational Branding Administrator.

  2. Browse to Identity > User experiences > Company branding.

  3. Select Add browser language.

  https://learn.microsoft.com/en-us/entra/fundamentals/how-to-customize-brandingReference:

• Question 335:

  SIMULATION

  Use the following login credentials as needed: To enter your username, place your cursor in the Sign in box and click the username below.

  To enter your password, place your cursor in the Enter password box and click the password below.

  Microsoft 365 Username: [email protected]

  Microsoft 365 Password: 1122334455667788

  If the Microsoft 365 portal does not load successfully in the browser, press CTRL+K to reload the portal in a new browser tab.

  The following information is for technical support purposes only:

  Lab Instance: 99999999

  You need to configure the Group Administrator role to meet the following requirements:

  1. Allan Deyoung must be able to approve and reject requests to activate the role.

  2. Christie Cline must be able to request activation of the role.

  3. Use the principle of least privilege.

  To complete this task, sign in to the appropriate admin center.

  A. See the explanation below
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the explanation below

  ---

  Explanation

  

  Microsoft 365 portal approve and reject requests to activate the role

  Note: Groups admin role in Azure Active Directory (Azure AD) is now generally available. This new Azure Active Directory role enables you to perform group management tasks for and Azure AD security groups without requiring Global administrator permissions.

  Part 1: Ensure that Allan Deyoung can approve and reject requests to activate the role. Assign a role Follow these steps to make a user eligible for an Azure resource role.

  Step 1: Sign in to the Microsoft Entra admin center as at least a User Access Administrator.

  Step 2: Browse to Identity governance > Privileged Identity Management > Azure resources.

  Step 3: Select the resource type you want to manage. Start at either the Management group dropdown or the Subscriptions dropdown, and then further select Resource groups or Resources as needed. Click the Select button for the resource you want to manage to open its overview page.

  

  Step 4: Under Manage, select Roles to see the list of roles for Azure resources.

  Step 5: Select Add assignments to open the Add assignments pane.

  

  Step 6: Select a Role you want to assign. [Here: Select the Group Administrator role]

  Step 7: Select No member selected link to open the Select a member or group pane.

  

  Step 8: Select a member or group you want to assign to the role and then choose Select. [Here: select Allan Deyoung]

  Step 9: On the Settings tab, in the Assignment type list, select Eligible or Active. [Here: Select Active] Active assignments don't require the member to activate the role before usage. Members assigned as active have the privileges assigned ready to use. This type of assignment is also available to customers that don't use Microsoft Entra PIM.

  Step 10: When finished, select Assign.

  Step 11: After the new role assignment is created, a status notification is displayed.

  Part 2: Ensure that Christie Cline can request activation of the role.

  Repeat steps 1-7 above Step 8: Select a member or group you want to assign to the role and then choose Select. [Here: select Christie Cline]

  Step 9: On the Settings tab, in the Assignment type list, select Eligible or Active. [Here: Select Eligible]

  Eligible assignments require the member to activate the role before using it. Administrator may require role member to perform certain actions before role activation, which might include performing a multi-factor authentication (MFA) check, providing a business justification, or requesting approval from designated approvers.

  Step 10: When finished, select Assign.

  Step 11: After the new role assignment is created, a status notification is displayed.

  References:

  https://techcommunity.microsoft.com/t5/microsoft-365-groups/introducing-the-groups-admin-role/m-p/978995

  https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-resource-roles-assign-roles

• Question 336:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 tenant.

  You have 100 IT administrators who are organized into 10 departments.

  You create the access review shown in the exhibit. (Click the Exhibit tab.)

  

  You discover that all access review requests are received by Megan Bowen.

  You need to ensure that the manager of each department receives the access reviews of their respective department.

  Solution: You set Reviewers to Member (self).

  Does this meet the goal?

  A. Yes
  B. No
  B. No

  ---

  Explanation

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

• Question 337:

  You have the Azure resources show in the following table.

  

  Which identities can you assign the Contributor role for RG1?

  A. User1 only
  B. User1 and Group1 only
  C. User1 and VW1 only
  D. User1, VM1, and App1 only
  E. User1, Group1, Vm1, and App1
  E. User1, Group1, Vm1, and App1

• Question 338:

  HOTSPOT

  You have an Azure subscription that contains two resource groups named RG1 and RG2, a storage account named storage1.

  You assign roles for the subscription as shown in the following table.

  

  You assign roles for RG1 as shown in the following table.

  

  You assign roles for storage1 as shown in the following exhibit.

  

  Roles are NOT assigned for other Azure resources.

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Yes - User1 can read the data stored in storage 1.

  User1 has the Reader role in the subscription. The subscription includes the storage account. User1 will have read access to the storage account.

  (For RG1, User1 has the Reader and Data Access role. User1 has no role at the storage account scope level.)

  Note:

  The Azure Reader role is a built-in role that grants users read-only access to view Azure resources. This means they can see information about resources, their properties, and configurations, but they cannot make any changes or modifications to those resources.

  Box 2: No - User2 can create a virtual network in RG2.

  User2 has the Contributor role for RG1 only, but not for RG2. User2 has the Reader role in the subscription. User2 will not be able to create a virtual network in RG2.

  Box 3: Yes - User3 can assign roles for storage 1.

  User3 has the User Access Administrator role for the storage1 storage account.

  The User Access Administrator role can assign roles. This role is specifically designed to manage access to Azure resources, including assigning roles to other users, groups, or service principals.

  References:

  https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal

• Question 339:

  You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory domain.

  The on-premises network contains a VPN server that authenticates to the on-premises Active Directory domain.

  The VPN server does NOT support Azure Multi-Factor Authentication (MFA).

  You need to recommend a solution to provide Azure MFA for VPN connections.

  What should you include in the recommendation?

  A. Azure AD Application Proxy
  B. an Azure AD Password Protection proxy
  C. Network Policy Server (NPS)
  D. a pass-through authentication proxy
  C. Network Policy Server (NPS)

• Question 340:

  Your company has two divisions named Contoso East and Contoso West. The Microsoft 365 identity architecture tor both divisions is shown in the following exhibit.

  

  You need to assign users from the Contoso East division access to Microsoft SharePoint Online sites in the Contoso West tenant. The solution must not require additional Microsoft 365 licenses.

  What should you do?

  A. Configure Microsoft Entra Application Proxy in the Contoso West tenant.
  B. Invite the Contoso East users as guests in the Contoso West tenant.
  C. Deploy a second Microsoft Entra Connect server to Contoso East and configure the server to sync the Contoso East Active Directory forest to the Contoso West tenant.
  D. Configure the existing Microsoft Entra Connect server in Contoso East to sync the Contoso East Active Directory forest to the Contoso West tenant.
  B. Invite the Contoso East users as guests in the Contoso West tenant.

  ---

  Explanation

  Before any of your users can grant SharePoint Online team site access to external guests, you will have to enable guest sharing from within Azure Active Directory.

  References:

  https://redmondmag.com/articles/2020/03/11/guest-access-sharepoint-online-team-sites.aspx

  https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/multi-tenant-common-considerations