Practice Free SC-300 Exam Online Questions
HOTSPOT
You have a Microsoft 365 E5 subscription that contains three users named User1, User2, and User3.
You have two Azure AD roles that have the Activation settings shown in the following table.
The Azure AD roles have the Assignment settings shown in the following table.
The Azure AD roles have the eligible users shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT
You have an Azure AD tenant that contains the users shown in the following table.
In Azure AD Identity Protection, you configure a user risk policy that has the following settings:
• Assignments:
o Users: Group1
o User risk: Low and above
• Controls:
o Access: Block access
• Enforce policy: On
In Azure AD Identity Protection, you configure a sign-in risk policy that has the following settings:
• Assignments:
o Users: Group2
o Sign-in risk: Low and above
• Controls:
o Access: Require multi-factor authentication
• Enforce policy. On the following settings: ng settings:
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Topic 4, Misc. Questions
Your company has an Azure Active Directory (Azure AD) tenant named contosri.com.
The company has the business partners shown in the following table.
users can request access by using package 1.
Users at Fabrikam and Litware use ail then respective domain names for email addresses.
You plan to create an access package named packaqe1 that will be accessible only to the Fabrikam and Litware users.
You need to configure connected organizations for Fabrikam and litware so that any of their users can request access by using package1.
What is the minimum of connected organization that you should create.
- A . 1
- B . 2
- C . 3
- D . 4
Your company has a Microsoft 365 tenant.
The company has a call center that contains 300 users. In the call center, the users share desktop computers and might use a different computer every day. The call center computers are NOT configured for biometric identification.
The users are prohibited from having a mobile phone in the call center.
You need to require multi-factor authentication (MFA) for the call center users when they access Microsoft 365 services.
What should you include in the solution?
- A . a named network location
- B . the Microsoft Authenticator app
- C . Windows Hello for Business authentication
- D . FIDO2 tokens
D
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless
You have a Microsoft Entra tenant that has a Microsoft Entra ID P1 license.
You need to review the Microsoft Entra ID sign-in logs to investigate sign-ins that occurred in the past.
For how long does Microsoft Entra ID store events in the sign-in logs?
- A . 14 days
- B . 30 days
- C . 90days
- D . 365 days
You need implement the planned changes for application access to organizational data.
What should you configure?
- A . authentication methods
- B . the User consent settings
- C . access packages
- D . an application proxy
SIMULATION
Task 4
You need to ensure that all users can consent to apps that require permission to read their user profile. Users must be prevented from consenting to apps that require any other permissions.
Here’s how you can do it:
Sign in as a Global Administrator:
Access the Microsoft Entra admin center with Global Administrator privileges.
Navigate to user consent settings:
Go to Identity > Applications > Enterprise applications > Consent and permissions > User consent settings1.
Configure the consent settings:
Under User consent for applications, select the option that allows users to consent to apps that only require permission to read their user profile.
Ensure that all other permissions are set to require administrator consent, thus preventing users from consenting to apps that require additional permissions1.
Save the settings:
After configuring the consent settings, select Save to apply the changes.
By following these steps, you will have configured the system to allow user consent for apps that need to read the user profile while blocking consent for apps that require additional permissions. This setup helps maintain user autonomy where appropriate while safeguarding against unauthorized access to broader permissions.
You need to meet the planned changes and technical requirements for App1.
What should you implement?
- A . a policy set in Microsoft Endpoint Manager
- B . an app configuratifon policy in Microsoft Endpoint Manager
- C . an app registration in Azure AD
- D . Azure AD Application Proxy
C
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to bulk invite Azure AD business-to-business (B2B) collaboration users.
Which two parameters must you include when you create the bulk invite? Each correct answer presents part of the solutio.n. NOTE: Each correct selection is worth one point.
- A . email address
- B . redirection URL
- C . username
- D . shared key
- E . password
AB
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/tutorial-bulk-invite
HOTSPOT
You have an Azure subscription named Sub1 ilia1 contains a storage account named storage1.
You need to deploy two apps named App1 and App2 that will have the following configurations:
• App1 will be deployed as a registered app in Sub1.
• App1 will access storage1 by using Microsoft Entra authentication.
• App2 will access storage1 by using a single Microsoft Entra identity.
• App2 be hosted on two new virtual machines named VM1 and VM2.
The solution must minimize administrative effort.
Which type of identity will each app use to access storage1? To answer, select the appropriate options in the answer area.
