Microsoft SC-300 Online Practice Questions and Exam Preparation

Microsoft SC-300 Online Questions & Answers

• Question 81:

  You have an Azure subscription that uses Microsoft Entra Privileged Identity Management (PIM). You need to identify users that are eligible for the Cloud Application Administrator role.

  Which blade in the Privileged Identity Management settings should you use?

  A. Azure resources
  B. Privileged access groups
  C. Review access
  D. Microsoft Entra roles
  D. Microsoft Entra roles

• Question 82:

  You have a Microsoft Entra tenant that contains the users shown in the following table.

  

  The tenant has the authentication methods shown in the following table.

  

  Which users will sign in to cloud apps by matching a number shown in the app with a number shown on their phone?

  A. User1 only
  B. User2 only
  C. User3 only
  D. User1 and User2 only
  E. User2 and User3 only
  A. User1 only

  ---

  Explanation

  Microsoft Authenticator

  You can also allow your employee's phone to become a passwordless authentication method. You may already be using the Authenticator app as a convenient multi-factor authentication option in addition to a password. You can also use the Authenticator App as a passwordless option.

  The Authenticator App turns any iOS or Android phone into a strong, passwordless credential. Users can sign in to any platform or browser by getting a notification to their phone, matching a number displayed on the screen to the one on their phone, and then using their biometric (touch or face) or PIN to confirm.

  Incorrect:

  1. Not User2 FIDO2 security keys.

  The FIDO (Fast IDentity Online) Alliance helps to promote open authentication standards and reduce the use of passwords as a form of authentication. FIDO2 is the latest standard that incorporates the web authentication (WebAuthn) standard. come in any form factor. Fast Identity Online (FIDO) is an open standard for passwordless authentication. FIDO2 security keys are an unphishable standards-based passwordless authentication method that can FIDO allows users and organizations to leverage the standard to sign in to their resources without a username or password using an external security key or a platform key built into a device.

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless

• Question 83:

  HOTSPOT

  Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains computers that run Windows 11.

  You have a Microsoft 365 E5 subscription.

  You plan to enable hybrid join and enroll the computers in Microsoft Intune.

  You need to recommend the software that should be deployed to the domain, and the actions that should be performed in Intune.

  What should you include in the recommendation? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Domain - Intune Connector for Active Directory

  Deploy Microsoft Entra hybrid joined devices by using Intune and Windows Autopilot

  Intune connector server requirements:

  1. The Intune Connector for Active Directory must be installed on a computer that's running Windows Server 2016 or later with.NET Framework version 4.7.2 or later.

  2. The server hosting the Intune Connector must have access to the Internet and Active Directory.

  Box 2: Intune - Modify the mobile device management (MDM) User scope

  Set up Windows automatic MDM enrollment 1. Sign in to the Azure portal and select Microsoft Entra ID.

  2. In the left hand pane, select Manage | Mobility (MDM and WIP) > Microsoft Intune.

  3. Make sure users of a group included in MDM User scope. who deploy Microsoft Entra joined devices by using Intune and Windows are members 4. Use the default values in the MDM Terms of use URL, MDM Discovery URL, and MDM Compliance URL boxes, and then select Save.

  References:

  https://learn.microsoft.com/en-us/autopilot/windows-autopilot-hybrid

• Question 84:

  You have an Azure Active Directory (Azure AD) tenant that uses Azure AD Identity Protection and contains the resources shown in the following table.

  

  Azure Multi-factor Authentication (MFA) is enabled for all users.

  User1 triggers a medium severity alert that requires additional investigation.

  You need to force User1 to reset his password the next time he signs in. The solution must minimize administrative effort.

  What should you do?

  A. Reconfigure the user risk, policy to trigger on medium or low severity.
  B. Mark User1 as compromised.
  C. Reset the Azure MIFA registration for User1.
  D. Configure a sign-in risk policy.
  B. Mark User1 as compromised.

• Question 85:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You use Azure Monitor to analyze Microsoft Entra ID activity logs.

  You receive more than 100 email alerts each day for failed Microsoft Entra ID user sign-in attempts.

  You need to ensure that a new security administrator receives the alerts instead of you.

  Solution: From Microsoft Entra ID, you create an assignment for the Insights Administrator role.

  Does this meet the goal?

  A. Yes
  B. No
  B. No

• Question 86:

  HOTSPOT

  You have an Azure subscription.

  From Entitlement management, you plan to create a catalog named Catalog1 that will contain a custom extension.

  What should you create first and what should you use to distribute Catalog1? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

• Question 87:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 tenant.

  All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.

  Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.

  You need to block the users automatically when they report an MFA request that they did not Initiate.

  Solution: From the Azure portal, you configure the Fraud alert settings for multi-factor authentication (MFA).

  Does this meet the goal?

  A. Yes
  B. No
  A. Yes

  ---

  Explanation

  The fraud alert feature lets users report fraudulent attempts to access their resources. When an unknown and suspicious MFA prompt is received, users can report the fraud attempt using the Microsoft Authenticator app or through their phone.

  The following fraud alert configuration options are available:

  1. Automatically block users who report fraud.

  2. Code to report fraud during initial greeting.

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

• Question 88:

  HOTSPOT

  You have a Microsoft Entra tenant that contains two remote networks named RemoteNetworkl and RemoteNetwork2 and the users shown in the following table.

  

  You have the devices shown in the following table.

  

  

• Question 89:

  You have an Azure Active Directory (Azure AD) tenant named Contoso that contains a terms of use (Toll) named Terms and an access package. Contoso users collaborate with an external organization named Fabrikam. Fabrikam users must accept Terms1 before being allowed to use the access package.

  You need to identify which users accepted or declined Terms.

  What should you use?

  A. sign-in logs
  B. the Usage and Insights report
  C. provisioning logs
  D. audit logs
  D. audit logs

• Question 90:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft 365 tenant.

  You have 100 IT administrators who are organized into 10 departments.

  You create the access review shown in the exhibit. (Click the Exhibit tab.)

  

  You discover that all access review requests are received by Megan Bowen.

  You need to ensure that the manager of each department receives the access reviews of their respective department.

  Solution: You modify the properties of the IT administrator user accounts.

  Does this meet the goal?

  A. Yes
  B. No
  A. Yes

  ---

  Explanation

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review