Practice Free SC-300 Exam Online Questions
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You create a user named User1.
You need to ensure that User1 can update the status of identity Secure Score improvement actions.
Solution: You assign the User Administrator role to User1.
Does this meet the goal?
- A . Yes
- B . No
DRAG DROP
You have an Azure subscription that contains the resources shown in the following table.
The subscription uses Privileged Identity Management (PIM).
You need to configure the following access controls by using PIM:
• Ensure that User1 can read and update Secret1.
• Ensure that User2 can read the contents of the secrets stored in Vault2.
The solution must follow the principle of least privilege.
Which authorization method should you use for each user? To answer, drag the appropriate authorization methods to the correct users. Each authorization method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD enterprise application named App1.
A contractor uses the credentials of [email protected].
You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as [email protected].
What should you do?
- A . Run the New-AzureADMSInvitation cmdlet.
- B . Configure the External collaboration settings.
- C . Add a WS-Fed identity provider.
- D . Implement Azure AD Connect.
A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal
https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureadmsinvitation?view=azureadps-2.0
You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.
Which objects can you add as members to Group3?
- A . User2 and Group2 only
- B . User2, Group1, and Group2 only
- C . User1, User2, Group1 and Group2
- D . User1 and User2 only
- E . User2 only
E
Explanation:
Reference: https://bitsizedbytes.wordpress.com/2018/12/10/distribution-security-and-office-365-groups-nesting/
HOTSPOT
Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with Azure AD and contains the users shown in the following table.
In Azure AD Connect, Domain/OU Filtering is configured as shown in the following exhibit.
Azure AD Connect is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

You have an Azure AD tenant that contains an access package named Package1 and a user named User1.
Package1 is configured as shown in the following exhibit.
You need to ensure that User1 can modify the review frequency of Package1. The solution must use the principle of least privilege.
Which role should you assign to User1?
- A . Privileged role administrator
- B . User administrator
- C . External Identity Provider administrator
- D . Security administrator
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps and Conditional Access policies. You need to block access to cloud apps when a user is assessed as high risk.
Which type of policy should you create in Microsoft Defender for Cloud Apps?
- A . OAuth app policy
- B . anomaly detection policy
- C . access policy
- D . activity policy
HOTSPOT
You have two Microsoft Entra tenants named contoso.com and fabrikam.com.
Contoso.com contains the users shown in the following table.
Contoso.com contains the groups shown in the following table.
You configure cross-tenant synchronization from contoso.com to fabrikam.com and enable cross-tenant synchronization for User3 and Group2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

HOTSPOT
Your network contains an on-premises Active Directory domain named contoso.com.
The domain contains the objects shown in the following table.
You install Azure AD Connect.
You configure the Domain and OU filtering settings as shown in the Domain and OU Filtering exhibit. (Click the Domain and OU Filtering tab.)
You configure the Filter users and devices settings as shown in the Filter Users and Devices exhibit. (Click the Filter Users and Devices tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Explanation:
Only direct members of Group1 are synced. Group2 will sync as it is a direct member of Group1 but the members of Group2 will not sync.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom
You have an Azure AD tenant named contoso.com that contains the resources shown in the following table.
You create a user named Admin1.
You need to ensure that Admin1 can enable Security defaults for contoso.com.
What should you do first?
- A . Configure Identity Governance.
- B . Delete Package1.
- C . Delete CAPolicy1.
- D . Assign Admin1 the Authentication administrator role for Au1.
D
Explanation:
To enable Security defaults for contoso.com, you should first sign in to the Azure portal as a security administrator, Conditional Access administrator, or global administrator. Then, browse to Azure Active Directory > Properties and select Manage security defaults. Set the Enable security defaults toggle to Yes and select Save.
After that, you can assign Admin1 the Identity Administrator role for Au1 to enable them to manage security defaults for the tenant.
https://practical365.com/what-are-azure-ad-security-defaults-and-should-you-use-them/