You have an Azure subscription that contains an Azure Automation account named Automation1 and an Azure key vault named Vault1. Vault1 contains a secret named Secret1.
You enable a system-assigned managed identity for Automation1.
You need to ensure that Automation1 can read the contents of Secret1. The solution must meet the following requirements:
1. Prevent Automation1 from accessing other secrets stored in Vault1.
2. Follow the principle of least privilege.
What should you do?
A. From Vault1, configure the Access control (IAM) settings.HOTSPOT
You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2. The subscription contains the users shown in the following table.

You create the following Conditional Access policies:
- Name: Policy1
- Users:
o Include: Group1
o Exclude: Group2
- Target resources:
o Include: All cloud apps
- Grant:
o Grant access: Require multi-factor authentication
- Session:
o Persistent browser session: Never persistent
- Name: Policy2
- Users:
o Include:
- Directory roles: Global Administrator
- Users and groups: User3
o Exclude: Group2
- Target resources:
o Include: All cloud apps
- Session:
o Sign-in frequency:
- Periodic authentication: 2 hours
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

You have a management group named Group1 that contains two Azure subscriptions named Sub1 and Sub2. The subscriptions are linked to a Microsoft Entra tenant that contains a user named User1.
You need to ensure that User1 can onboard Sub1 to Permissions Management. The solution must follow the principle of least privilege.
Which permission should you grant to User1?
A. Microsoft.Authorization/roleAssignments/read for Sub1You have a Microsoft Entra tenant.
You need to configure continuous access evaluation for app sign-ins and assign the configuration to users that are assigned the Application Administrator role.
What should you configure?
A. a sign-in risk policyHOTSPOT
You have a Microsoft 365 tenant and an Active Directory domain named adatum.com.
You deploy Azure AD Connect by using the Express Settings.
You need to configure self-service password reset (SSPR) to meet the following requirements:
1. When users reset their password, they must be prompted to respond to a mobile app notification or answer three predefined security questions.
2. Passwords must be synced between the tenant and the domain regardless of where the password was reset.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to ensure that Azure AD External Identities pricing is based on monthly active users (MAU).
What should you configure?
A. an access reviewYou have an Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.

For which groups can you create an access review?
A. Group1 onlyHOTSPOT
You have a Microsoft 36S tenant.
You create a named location named HighRiskCountries that contains a list of high-risk countries.
You need to limit the amount of time a user can stay authenticated when connecting from a high-risk country.
What should you configure in a conditional access policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have a Microsoft Exchange organization that uses an SMTP' address space of contoso.com.
Several users use their contoso.com email address for self-service sign up to Azure Active Directory (Azure AD).
You gain global administrator privileges to the Azure AD tenant that contains the self-signed users.
You need to prevent the users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services.
Which PowerShell cmdlet should you run?
A. Set-MsolCompanySettingsDRAG DROP
Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com by using Azure AD Connect.
Attire AD Connect is installed on a server named Server 1.
You deploy a new server named Server? that runs Windows Server 2019.
You need to implement a failover server for Azure AD Connect. The solution must minimize how long it takes to fail over if Server1 fails.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Microsoft exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SC-300 exam preparations and Microsoft certification application, do not hesitate to visit our Vcedump.com to find your solutions here.