Practice Free SC-300 Exam Online Questions
You have an Azure subscription named Sub1 that uses Microsoft Entra Permissions Management.
Sub1 contains a user named User1. User1 is granted multiple permissions across Sub1.
You need to replace all the permissions granted to User1 with read-only permissions. The solution must minimize administrative effort.
What should you do on the Remediation tab in Permissions Management?
- A . From the Roles/Policies subtab, create a role.
- B . From the My Requests subtab, create a new request.
- C . From the Permissions subtab, use a quick action.
- D . From the Role/Policy Template subtab, create a template.
HOTSPOT
You have a Microsoft 365 tenant.
You need to identify users who have leaked credentials.
The solution must meet the following requirements:
• Identify sign-ins by users who are suspected of having leaked credentials.
• Flag the sign-ins as a high-risk event.
• Immediately enforce a control to mitigate the risk, while still allowing the user to access applications.
What should you use? To answer, select the appropriate options in the answer area.

You create a new Microsoft 365 E5 tenant.
You need to ensure that when users connect to the Microsoft 365 portal from an anonymous IP address, they are prompted to use multi-factor authentication (MFA).
What should you configure?
- A . a sign-in risk policy
- B . a user risk policy
- C . an MFA registration policy
SIMULATION
Task 2
You need to implement a process to review guest users who have access to the Salesforce app.
The review must meet the following requirements:
• The reviews must occur monthly.
• The manager of each guest user must review the access.
• If the reviews are NOT completed within five days, access must be removed.
• If the guest user does not have a manager, Megan Bowen must review the access.
Here’s a step-by-step guide:
Assign the appropriate role:
• Ensure you have one of the following roles: Global Administrator, User Administrator, or Identity Governance Administrator.
Navigate to Identity Governance:
• Sign in to the Microsoft Entra admin center.
• Go to Identity governance > Access reviews.
Create a new access review:
• Select New access review.
• Choose the Salesforce app to review guest user access.
Configure the review settings:
• Set the frequency of the review to monthly.
• Define the duration of the review period to 5 days.
Determine the reviewers:
• Assign the manager of each guest user as the reviewer.
• If a guest user does not have a manager, assign Megan Bowen as the reviewer.
Automate the removal process:
• Configure settings to automatically remove access if the review is not completed within the specified time frame.
Monitor and enforce compliance:
• Regularly check the access review results to ensure compliance with the review policy.
Communicate the process:
• Inform all stakeholders about the new review process and provide guidance on how to complete the reviews.
By following these steps, you can ensure that guest users’ access to the Salesforce app is reviewed monthly, with managers being responsible for the review, and access is removed if the review is not completed in time.
You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.
The domain contains the servers shown in the following table.
The domain controllers are prevented from communicating to the internet.
You implement Azure AD Password Protection on Server1 and Server2.
You deploy a new server named Server4 that runs Windows Server 2019.
You need to ensure that Azure AD Password Protection will continue to work if a single server fails.
What should you implement on Server4?
- A . Azure AD Connect
- B . Azure AD Application Proxy
- C . Password Change Notification Service (PCNS)
- D . the Azure AD Password Protection proxy service
D
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premisesdeploy
SIMULATION
Task 9
You need to ensure that when users in the Sg-Operations group go to the My Apps portal, a tab named Operations appears that contains only the following applications:
• LinkedIn
• Box
To show only the LinkedIn and Box applications in the My Apps portal, you can create a collection with these specific applications.
Here’s how to do it:
Sign in to the Microsoft Entra admin center:
• Make sure you have one of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
Navigate to App launchers:
• Go to Identity > Applications > Enterprise applications.
• Under Manage, select App launchers.
Create a new collection:
• Click on New collection.
• Enter “Operations” as the Name for the collection.
• Provide a Description if necessary.
Add applications to the collection:
• Select the Applications tab within the new collection.
• Click on + Add application.
• Search for and select LinkedIn and Box applications.
• Click Add to include them in the collection.
Assign the collection to the Sg-Operations group:
• Select the Users and groups tab.
• Click on + Add users and groups.
• Search for and select the Sg-Operations group.
• Click Select to assign the collection to the group.
Review and create the collection:
• Select Review + Create to check the configuration.
• If everything is correct, click Create to finalize the collection.
By following these steps, when users in the Sg-Operations group visit the My Apps portal, they will see a new tab named “Operations” that contains only the LinkedIn and Box applications.
Please note that to create collections on the My Apps portal, you need a Microsoft Entra ID P1 or P2 license.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account.
You deploy an Azure subscription and enable Microsoft 365 Defender.
You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps.
Solution: From the Microsoft 365 Defender portal, you add the Google Workspace app connector.
Does this meet the goal?
- A . Yes
- B . No
You have an Azure subscription that contains a virtual machine named VM1 and an Azure key vault named Vault1. VM1 has a system-assigned managed identity. You need to ensure that VM1 can retrieve the values of secrets stored in Vault1. The solution must minimize administrative effort.
What should you do first?
- A . Configure the Resource access settings for Vault1.
- B . Configure the permissions model for Vault1.
- C . Add a user-assigned managed identity to VM1.
- D . Assign an Azure role to VM1.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not initiate.
Solution: From the Azure portal, you configure the Notifications settings for multi-factor authentication (MFA).
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
You need to configure the fraud alert settings.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
You have an Azure AD tenant that contains a user named User1 and a registered app named App1.
User1 deletes the app registration of App1.
You need to restore the app registration.
What is the maximum number of days you have to restore the app registration from when it was deleted?
- A . 14
- B . 30
- C . 60
- D . 180