Microsoft SC-300 Online Practice Questions and Exam Preparation

Microsoft SC-300 Online Questions & Answers

• Question 361:

  You have an Azure Active Directory (Azure AD) Azure AD tenant.

  You need to bulk create 25 new user accounts by uploading a template file.

  Which properties are required in the template file?

  A. displayName, identityIssuer, usageLocation, and userType
  B. accountEnabled, givenName, surname, and userPrincipalName
  C. accountEnabled, displayName, userPrincipalName, and passwordProfile
  D. accountEnabled, passwordProfile, usageLocation, and userPrincipalName
  C. accountEnabled, displayName, userPrincipalName, and passwordProfile

• Question 362:

  HOTSPOT

  You have a Microsoft Entra tenant that contains a user named User1.

  An administrator deletes User1. You need to identity the following:

  1. What is the maximum number of days for which you have the option to restore the User1 account?

  2. Which is the least privileged role that can be used to restore User1?

  To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Number of days: 30

  After you delete a user, the account remains in a suspended state for 30 days. During that 30-day window, the user account can be restored, along with all its properties. After that 30-day window passes, the permanent deletion process is automatically started and can't be stopped.

  Role: User Administrator

  You must have one of the following roles to restore and permanently delete users.

  1. Global administrator

  2. Partner Tier1 Support

  3. Partner Tier2 Support

  4. User administrator

  https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-restore

• Question 363:

  You have a Microsoft Entra tenant.

  You need to evaluate how Conditional Access policies affect a specific user.

  What should you use?

  A. Access reviews
  B. Identity Secure Score
  C. What If tool
  D. Azure Monitor
  C. What If tool

  ---

  Explanation

  The What If tool simulates Conditional Access policies to evaluate their impact on a user.

• Question 364:

  You have a Microsoft Entra ID P2 tenant named contoso.com that contains a registered app named App1.

  On January 1, App1 was deleted.

  You need to restore App1.

  What is the last day on which you can restore App1?

  A. January 14
  B. January 30
  C. March 30
  D. June 30
  B. January 30

  ---

  Explanation

  A deleted Microsoft Entra ID P2 app can be restored within the first 30 days after its deletion. After this 30- day window, the application is permanently deleted and cannot be restored.

  References:

  https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/restore-application

• Question 365:

  HOTSPOT

  You need to implement the planned changes and technical requirements for the marketing department.

  What should you do? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-organization

• Question 366:

  You have a Microsoft 365 tenant.

  You currently allow email clients that use Basic authentication to conned to Microsoft Exchange Online.

  You need to ensure that users can connect t to Exchange only run email clients that use Modern authentication protocols.

  What should you implement?

  You need to ensure that use Modern authentication

  A. a compliance policy in Microsoft Endpoint Manager
  B. a conditional access policy in Azure Active Directory (Azure AD)
  C. an application control profile in Microsoft Endpoint Manager
  D. an OAuth policy in Microsoft Cloud App Security
  B. a conditional access policy in Azure Active Directory (Azure AD)

  ---

  Explanation

  The question says nothing about what type of device or what tjhe application being used is so setting an App control policy will not do anything. CA polciies allow legacy auth to be blocked regardless of device.

• Question 367:

  SIMULATION

  You need to lock out accounts for five minutes when they have 10 failed sign-in attempts.

  A. See the Explanation Below
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the Explanation Below

  ---

  Explanation

  To configure the account lockout settings so that accounts are locked out for five minutes after 10 failed sign-in attempts, you can follow these steps:

  1. Open the Microsoft Entra admin center:

  2. uk.co.certification.simulator.questionpool.PList@2b58d93c 3. Navigate to the lockout settings:

  4. Adjust the Smart Lockout settings:

  Please note that by default, smart lockout locks an account from sign-in after 10 failed attempts in Azure Public and Microsoft Azure operated by 21Vianet tenants 1. The lockout period is one minute at first, and longer in subsequent attempts.

  However, you can customize these settings to meet your organization's requirements if you have Microsoft Entra ID P1 or higher licenses for your users 1.

• Question 368:

  You need to track application access assignments by using Identity Governance. The solution must meet the delegation requirements.

  What should you do first?

  A. Modify the User consent settings for the enterprise applications.
  B. Create a catalog.
  C. Create a program.
  D. Modify the Admin consent requests settings for the enterprise applications.
  C. Create a program.

  ---

  Explanation

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlementmanagement-overview

• Question 369:

  You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1 and a Microsoft 365 group named Group1.

  You need to ensure that the members of Group1 can access Site1 for 90 days. The solution must minimize administrative effort.

  What should you use?

  A. an access package
  B. an access review
  C. a lifecycle workflow
  D. a Conditional Access policy
  A. an access package

  ---

  Explanation

  With entitlement management, an access package enables a one-time setup of resources and policies that automatically administers access for the life of the access package.

  An access package manager can configure policies to require approval for users to have access to access packages. A user that needs access to an access package can submit a request to get access.

  References:

  https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-request-access

• Question 370:

  HOTSPOT

  You have a Microsoft Entra tenant that contains two remote networks named RemoteNetwork1 and RemoteNetwork2 and the users shown in the following table.

  

  You have the devices shown in the following table.

  

  You have a Conditional Access policy that has the following settings:

  1. Name: CAPolicy1

  2. Assignments

  Users: Group1, Group2

  Target resources: All internet resources with Global Secure Access

  3. Access controls

  Grant: Require multifactor authentication

  4. Enable policy: On

  Global Secure Access traffic forwarding is configured as shown in the following exhibit.

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Yes, Yes, No

  User1's traffic to Microsoft services is forwarded through Global Secure Access from RemoteNetwork1, so the Conditional Access policy targeting internet resources with Global Secure Access is evaluated and requires MFA.

  User2's device traffic is forwarded through Global Secure Access from RemoteNetwork1 even without the client, so the policy is evaluated and requires MFA.

  User3 is on RemoteNetwork2, which isn't assigned to the Microsoft traffic forwarding profile, so the sign-in to Exchange Online isn't evaluated under the Global Secure Access internet-resources policy and MFA isn't required by that policy.