Microsoft SC-300 Online Practice Questions and Exam Preparation

Microsoft SC-300 Online Questions & Answers

• Question 371:

  You have a Microsoft 365 tenant.

  You have an Active Directory domain that syncs to the Azure Active Directory {Azure AD) tenant.

  Users connect to the internet by using a hardware firewall at your company. The users authenticate to the firewall by using their Active Directory credentials.

  You plan to manage access to external applications by using Azure AD.

  You need to use the firewall logs to create a list of unmanaged external applications and the users who access them.

  What should you use to gather the information?

  A. Cloud App Discovery in Microsoft Defender for Cloud Apps
  B. enterprise applications in Azure AD
  C. access reviews in Azure AD
  D. Application Insights in Azure Monitor
  A. Cloud App Discovery in Microsoft Defender for Cloud Apps

• Question 372:

  You have a Microsoft Entra tenant.

  You need to ensure that users must register authentication methods upon first sign-in.

  What should you configure?

  A. MFA policy
  B. Registration campaign
  C. Conditional Access
  D. Identity Protection
  B. Registration campaign

  ---

  Explanation

  A registration campaign enforces users to register authentication methods during sign-in.

• Question 373:

  HOTSPOT

  You have a Microsoft 365 tenant.

  You configure a conditional access policy as shown in the Conditional Access policy exhibit. (Click the Conditional Access policy tab.)

  

  You view the User administrator role settings as shown in the Role setting details exhibit. (Click the Role setting details tab.)

  

  You view the User administrator role assignments as shown in the Rote assignments exhibit. (Click the Role assignments lab.)

  

  For each of the following statement, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

• Question 374:

  You have a Microsoft 365 tenant.

  All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.

  Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.

  You need to block the users automatically when they report an MFA request that they did not Initiate.

  Solution: From the Azure portal, you configure the Block/unblock users settings for multi-factor authentication (MFA).

  Does this meet the goal?

  A. Yes
  B. No
  B. No

  ---

  Explanation

  You need to configure the fraud alert settings.

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

• Question 375:

  DRAG DROP

  You have an Azure AD tenant that contains a user named Admin1.

  Admin1 uses the Require password change for high-risk user's policy template to create a new Conditional Access policy.

  Who is included and excluded by default in the policy assignment? To answer, drag the appropriate options to the correct target. Each option may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  

• Question 376:

  You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

  

  The User settings for enterprise applications have the following configurations:

  1. Users can consent to apps accessing company data on their behalf: No

  2. Users can consent to apps accessing company data for the groups they own: No

  3. Users can request admin consent to apps they are unable to consent to: Yes

  Who can review admin consent requests: Admin2, User2

  User1 attempts to add an app that requires consent to access company data.

  Which user can provide consent?

  A. User1
  B. User2
  C. Admin1
  D. Admin2
  C. Admin1

• Question 377:

  Your network contains an on-premises Active Directory domain that syncs to an Azure AD tenant.

  Users sign in to computers that run Windows 10 and are joined to the domain.

  You plan to implement Azure AD Seamless Single Sign-On (Azure AD Seamless SSO).

  You need to configure the Windows 10 computers to support Azure AD Seamless SSO.

  What should you do?

  A. Modify the Local intranet zone settings
  B. Configure Sign-in options from the Settings app.
  C. Enable Enterprise State Roaming.
  D. Install the Azure AD Connect Authentication Agent.
  A. Modify the Local intranet zone settings

  ---

  Explanation

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

• Question 378:

  HOTSPOT

  You have an Azure Active Directory (Azure AD) tenant that has Security defaults disabled.

  You are creating a conditional access policy as shown in the following exhibit.

  

  Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

  NOTE: Each correct selection is worth one point.

  

  

• Question 379:

  You have a Microsoft Entra tenant.

  You need to ensure that users can report suspicious MFA prompts and be automatically blocked.

  What should you configure?

  A. Account lockout settings
  B. Fraud alert settings
  C. Conditional Access
  D. Identity Protection
  B. Fraud alert settings

  ---

  Explanation

  Fraud alert settings allow users to report suspicious MFA requests and can automatically block their accounts.

• Question 380:

  HOTSPOT

  You have an Azure subscription named Sub1 that contains two storage accounts named storage1 and storage2 and the blob containers shown in the following table.

  

  Sub1 contains the users shown in the following table.

  

  Condition1 has the following definition:

  

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: No - User1 can read the contents of blob 2.

  User1 has the Reader role. Does not apply to the blob container. User1 also has the Storage Blob Data Reader with Condition1. Blob2 is in Cont2. Condition1 will be false: The action is..blob/reads Resource name is cont2 not cont1

  Note: Storage Blob Data Reader Read and list Azure Storage containers and blobs.

  Box 2: Yes - User1 can read the contents of blob 3.

  Blob3 is in cont 1. Condition1 will be true.

  Box 3: Yes - User2 can read the contents of blob 1.

  User2 has the Reader role. Does not apply to the blob container. User2 also has the Storage Blob Data Owner Role with Condition2. blob1 is in cont1 Condition2 will be true, as the action is read, not a write.