Microsoft SC-300 Exam Practice Questions (P. 4)
Question #31
You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.
You need to ensure that User1 can create new catalogs and add resources to the catalogs they own.
What should you do?
- A. From the Roles and administrators blade, modify the Groups administrator role.
- B. From the Roles and administrators blade, modify the Service support administrator role.
- C. From the Identity Governance blade, modify the Entitlement management settings. (Most Voted)
- D. From the Identity Governance blade, modify the roles and administrators for the General catalog.
Correct Answer:
C
Create and manage a catalog of resources in Azure AD entitlement management.
Create a catalog.
A catalog is a container of resources and access packages. You create a catalog when you want to group related resources and access packages. A user who has been delegated the catalog creator role can create a catalog for resources that they own. Whoever creates the catalog becomes the first catalog owner. A catalog owner can add more users, groups of users, or application service principals as catalog owners.
Prerequisite roles: Global administrator, Identity Governance administrator, User administrator, or Catalog creator.
Incorrect:
* Groups Administrator - Members of this role can create/manage groups, create/manage groups settings like naming and expiration policies, and view groups activity and audit reports.
* Service Support Administrator - Users with this role can create and manage support requests with Microsoft for Azure and Microsoft 365 services, and view the service dashboard and message center in the Azure portal and Microsoft 365 admin center.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-catalog-create
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
Question #32
Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant.
Users sign in to computers that run Windows 10 and are joined to the domain.
You plan to implement Azure AD Seamless Single Sign-On (Azure AD Seamless SSO).
You need to configure the Windows 10 computers to support Azure AD Seamless SSO.
What should you do?
- A. Configure Sign-in options from the Settings app.
- B. Enable Enterprise State Roaming.
- C. Modify the Local intranet Zone settings. (Most Voted)
- D. Install the Azure AD Connect Authentication Agent.
Correct Answer:
A
Enable Seamless SSO through Azure AD Connect.
At the User sign-in page, select the Enable single sign on option.

Note:
The option will be available for selection only if the Sign On method is Password Hash Synchronization or Pass-through Authentication.
Seamless SSO can be combined with either the Password Hash Synchronization or Pass-through Authentication sign-in methods.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
Question #33
Your company has two divisions named Contoso East and Contoso West. The Microsoft 365 identity architecture for both divisions is shown in the following exhibit.

You need to assign users from the Contoso East division access to Microsoft SharePoint Online sites in the Contoso West tenant. The solution must not require additional Microsoft 365 licenses.
What should you do?

- A. Configure Azure AD Application Proxy in the Contoso West tenant.
- B. Invite the Contoso East users as guests in the Contoso West tenant. (Most Voted)
- C. Deploy a second Azure AD Connect server to Contoso East and configure the server to sync the Contoso East Active Directory forest to the Contoso West tenant.
- D. Configure the existing Azure AD Connect server in Contoso East to sync the Contoso East Active Directory forest to the Contoso West tenant.
Correct Answer:
B
Before any of your users can grant SharePoint Online team site access to external guests, you will have to enable guest sharing from within Azure Active Directory.
Reference:
https://redmondmag.com/articles/2020/03/11/guest-access-sharepoint-online-team-sites.aspx
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/multi-tenant-common-considerations
Question #34
You configure a new Microsoft 365 tenant to use a default domain name of contoso.com.
You need to ensure that you can control access to Microsoft 365 resources by using conditional access policies.
What should you do first?
- A. Disable the User consent settings.
- B. Disable Security defaults. (Most Voted)
- C. Configure a multi-factor authentication (MFA) registration policy.
- D. Configure password protection for Windows Server Active Directory.
Correct Answer:
B
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
Question #35
Your company has a Microsoft 365 tenant.
The company has a call center that contains 300 users. In the call center, the users share desktop computers and might use a different computer every day. The call center computers are NOT configured for biometric identification.
The users are prohibited from having a mobile phone in the call center.
You need to require multi-factor authentication (MFA) for the call center users when they access Microsoft 365 services.
What should you include in the solution?
- A. a named network location
- B. the Microsoft Authenticator app
- C. Windows Hello for Business authentication
- D. FIDO2 tokens (Most Voted)
Correct Answer:
D
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless
Question #36
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
All users who run applications registered in Azure AD are subject to conditional access policies.
You need to prevent the users from using legacy authentication.
What should you include in the conditional access policies to filter out legacy authentication attempts?
- A. a cloud apps or actions condition
- B. a user risk condition
- C. a client apps condition (Most Voted)
- D. a sign-in risk condition
Correct Answer:
C
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication
Question #37
You have an Azure Active Directory (Azure AD) tenant.
You open the risk detections report.
Which risk detection type is classified as a user risk?
- A. impossible travel
- B. anonymous IP address
- C. atypical travel
- D. leaked credentials (Most Voted)
Correct Answer:
D
Leaked credentials indicates that the user's valid credentials have been leaked.
Note:
There are several versions of this question in the exam. The question can have other incorrect answer options, including the following:
- password spray
- malicious IP address
- unfamiliar sign-in properties
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks
Question #38
You have a Microsoft 365 tenant.
All users have computers that run Windows 10. Most computers are company-owned and joined to Azure Active Directory (Azure AD). Some computers are user-owned and are only registered in Azure AD.
You need to prevent users who connect to Microsoft SharePoint Online on their user-owned computer from downloading or syncing files. Other users must NOT be restricted.
Which policy type should you create?
- A. a Microsoft Cloud App Security activity policy that has Microsoft Office 365 governance actions configured
- B. an Azure AD conditional access policy that has session controls configured (Most Voted)
- C. an Azure AD conditional access policy that has client apps conditions configured
- D. a Microsoft Cloud App Security app discovery policy that has governance actions configured
Correct Answer:
B
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/proxy-intro-aad
Question #39
You have an Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant.
The on-premises network contains a VPN server that authenticates to the on-premises Active Directory domain. The VPN server does NOT support Azure Multi-Factor Authentication (MFA).
You need to recommend a solution to provide Azure MFA for VPN connections.
What should you include in the recommendation?
- A. Azure AD Application Proxy
- B. an Azure AD Password Protection proxy
- C. Network Policy Server (NPS) (Most Voted)
- D. a pass-through authentication proxy
Correct Answer:
C
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-vpn
Question #40
You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant is configured to sync with an on-premises Active Directory domain. The domain contains the servers shown in the following table.

The domain controllers are prevented from communicating to the internet.
You implement Azure AD Password Protection on Server1 and Server2.
You deploy a new server named Server4 that runs Windows Server 2019.
You need to ensure that Azure AD Password Protection will continue to work if a single server fails.
What should you implement on Server4?
- A. Azure AD Connect
- B. Azure AD Application Proxy
- C. Password Change Notification Service (PCNS)
- D. the Azure AD Password Protection proxy service (Most Voted)
Correct Answer:
D
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-deploy