You have an Azure Active Directory (Azure AD) tenant that uses Azure AD Identity Protection and contains the resources shown in the following table.
Azure Multi-factor Authentication (MFA) is enabled for all users.
User1 triggers a medium severity alert that requires additional investigation.
You need to force User1 to reset his password the next time he signs in.
The solution must minimize administrative effort.
What should you do?
A. Reconfigure the user risk, policy to trigger on medium or low severity. B. Mark User1 as compromised. C. Reset the Azure MIFA registration for User1. D. Configure a sign-in risk policy.
B. Mark User1 as compromised.
Question 393:
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1.
You need to enable Microsoft Defender for Cloud Apps session control for Site1.
Which type of policy should you create first?
A. access B. app governance C. session D. Conditional Access
D. Conditional Access
Explanation
Create Microsoft Defender for Cloud Apps session policies Microsoft Defender for Cloud Apps session policies provide granular visibility into cloud apps with real-time, session-level monitoring. Use session policies to take various actions, depending on the policy you set for a user session.
In contrast to access policies, which allow or block access completely, session policies allow access while monitoring the session. Add Conditional Access app control to your session policies to limit specific session activities.
Prerequisites:
The relevant apps onboarded to Conditional Access app control. Microsoft Entra ID apps are automatically onboarded, while non-Microsoft IdP apps must be onboarded manually.
You have an Azure subscription named Sub1 that contains a storage account named storage1.
You need to deploy two apps named App1 and App2 that will have the following configurations:
1. App1 will be deployed as a registered app in Sub1.
2. App1 will access storage1 by using Microsoft Entra authentication.
3. App2 will access storage1 by using a single Microsoft Entra identity.
4. App2 be hosted on two new virtual machines named VM1 and VM2.
The solution must minimize administrative effort.
Which type of identity will each app use to access storage1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 395:
You have a Microsoft 365 E5 subscription that contains a user named User1. User1 is eligible for the Application Administrator role.
User1 needs to configure a new connector group for an application proxy.
What should you use to activate the role for User1?
A. the Microsoft 365 Defender portal B. the Microsoft 365 admin center C. the Microsoft Intune admin center D. the Microsoft Entra admin center
C. the Microsoft Intune admin center
Question 396:
SIMULATION
You need to prevent all users from using legacy authentication protocols when authenticating to Microsoft Entra ID.
A. See the Explanation Below B. PlaceHolder C. PlaceHolder D. PlaceHolder
A. See the Explanation Below
Explanation
To prevent all users from using legacy authentication protocols when authenticating to Microsoft Entra ID, you can create a Conditional Access policy that blocks legacy authentication. Here's how to do it:
By following these steps, you will block legacy authentication protocols for all users, enhancing the security posture of your organization by requiring modern authentication methods. Remember to monitor the impact of this policy and adjust as necessary to ensure business continuity.
Question 397:
You have an Azure AD tenant.
You plan to implement Azure AD Privileged Identity Management (PIM).
Which roles can you manage by using PIM?
A. Global Administrator only B. Global Administrator and Security Administrator only C. Global Administrator, Security Administrator, and Security Contributor only D. Account Administrator, Global Administrator, Security Administrator, and Security Contributor only
B. Global Administrator and Security Administrator only
Explanation
For Microsoft Entra roles in Privileged Identity Management, only a user who is in the Privileged Role Administrator or Global Administrator role can manage assignments for other administrators.
You have an Azure subscription named Sub1 that uses Microsoft Entra Permissions Management. Sub1 contains a user named User1. User1 is granted multiple permissions across Sub1.
You need to replace all the permissions granted to User1 with read-only permissions. The solution must minimize administrative effort.
What should you do on the Remediation tab in Permissions Management?
A. From the Role/Policy Template subtab, create a template. B. From the My Requests subtab, create a new request. C. From the Roles/Policies subtab, create a role. D. From the Permissions subtab, use a quick action.
You have a Microsoft 365 E5 subscription that has a Conditional Access policy named Policy1.
You need to perform the following actions:
Create a Conditional Access App Control custom policy named Custom1. Configure Policy1 to use Custom1.
What should you use to create Custom1, and in which settings of Policy1 should you enable Conditional Access App Control? To answer, select the appropriate options in the answer area,
NOTE: Each correct selection is worth one point.
Box 1: Microsoft Entra admin center
The "Conditional Access App Control" custom policy is created within the Microsoft Entra admin center. Specifically, you'll find it under Protection > Conditional Access > Policies. You can also access it through Identity > Protection > Conditional Access.
Here's a more detailed breakdown:
Navigate to the Microsoft Entra admin center: Access the admin center through your Microsoft 365 portal or a dedicated portal.
Locate Conditional Access:
Find the "Conditional Access" section within the admin center.
Create or modify a policy: You can either create a new policy or modify an existing one. When creating a new policy, you will find the "Use Conditional Access App Control" option in the session access control settings.
Enable Conditional Access App Control. [Box 2]
Box 2: Session
Define session controls:
Within the Conditional Access policy, you'll need to select "Use custom policy" in the Session controls.
Under the "Session" section, you can enable Conditional Access App Control. This allows you to leverage Microsoft Defender for Cloud Apps for session controls and custom policies.
Question 400:
You have a Microsoft Entra tenant with Privileged Identity Management (PIM).
You need to ensure that users activate roles only when required.
What should you configure?
A. Active assignment B. Eligible assignment C. Permanent assignment D. Group-based assignment
B. Eligible assignment
Explanation
Eligible assignments require users to activate roles when needed, supporting just-in-time access and reducing standing privileges.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Microsoft exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SC-300 exam preparations
and Microsoft certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.