Practice Free SC-300 Exam Online Questions
You have a Microsoft 365 tenant.
All users have computers that run Windows 10. Most computers are company-owned and joined to Azure Active Directory (Azure AD). Some computers are user-owned and are only registered in Azure AD.
You need to prevent users who connect to Microsoft SharePoint Online on their user-owned computer from downloading or syncing files. Other users must NOT be restricted.
Which policy type should you create?
- A . a Microsoft Cloud App Security activity policy that has Microsoft Office 365 governance actions configured
- B . an Azure AD conditional access policy that has session controls configured
- C . an Azure AD conditional access policy that has client apps conditions configured
- D . a Microsoft Cloud App Security app discovery policy that has governance actions configured
B
Explanation:
Reference: https://docs.microsoft.com/en-us/cloud-app-security/proxy-intro-aad
You need to configure the MFA settings for users who connect from the Boston office. The solution must meet the authentication requirements and the access requirements.
What should you configure?
- A . named locations that have a private IP address range
- B . named locations that have a public IP address range
- C . trusted IPs that have a public IP address range
- D . trusted IPs that have a private IP address range
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
Location offer your country set, IP ranges MFA trusted IP and corporate network VPN gateway IP address: This is the public IP address of the VPN device for your on-premises network. The VPN device requires an IPv4 public IP address. Specify a valid public IP address for the VPN device to which you want to connect. It must be reachable by Azure Client Address space: List the IP address ranges that you want routed to the local on-premises network through this gateway. You can add multiple address space ranges. Make sure that the ranges you specify here do not overlap with ranges of other networks your virtual network connects to, or with the address ranges of the virtual network itself.
You have a Microsoft 365 ES subscription that user Microsoft Defender for Cloud Apps and Yammer.
You need prevent users from signing in to Yammer from high-risk locations.
What should you do in the Microsoft Defender for Cloud Apps portal?
- A . Create an access Policy.
- B . Create an activity policy.
- C . Unsanction Yammer.
- D . Create an anomaly detection policy.
HOTSPOT
You need to implement password restrictions to meet the authentication requirements.
You install the Azure AD password Protection DC agent on DC1.
What should you do next? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Server1
On DC1
You have an Azure AD tenant and a .NET web app named App1. You need to register App1 for Azure AD authentication.
What should you configure for App1?
- A . the executable name
- B . the bundle ID
- C . the package name
- D . the redirect URI
You need to track application access assignments by using Identity Governance. The solution must meet the delegation requirements.
What should you do first?
- A . Modify the User consent settings for the enterprise applications.
- B . Create a catalog.
- C . Create a program.
- D . Modify the Admin consent requests settings for the enterprise applications.
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview
DRAG DROP
You have a Microsoft 365 E5 tenant.
You purchase a cloud app named App1.
You need to enable real-time session-level monitoring of App1 by using Microsoft Cloud app Security.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/proxy-deployment-any-app
https://docs.microsoft.com/en-us/cloud-app-security/session-policy-aad
You need to resolve the issue of the guest user invitations.
What should you do for the Azure AD tenant?
- A . Configure the Continuous access evaluation settings.
- B . Modify the External collaboration settings.
- C . Configure the Access reviews settings.
- D . Configure a Conditional Access policy.
SIMULATION
Task 1
You need to deploy multi factor authentication (MFA).
The solution must meet the following requirements:
• Require MFA registration only for members of the Sg-Finance group.
• Exclude Debra Berger from having to register for MFA.
• Implement the solution without using a Conditional Access policy.
Open the Microsoft Entra admin center:
Sign in as a Security Administrator or Global Administrator.
Navigate to MFA settings:
Go to Users > Active users.
On the Active users page, select Multi-factor authentication.
Manage user settings:
Find and select the Sg-Finance group.
Enable MFA for this group by setting the requirement status to Enabled.
Exclude a user from MFA:
In the Multi-factor authentication page, search for Debra Berger. Set her MFA status to Disabled to exclude her from MFA registration. Verify the configuration:
Ensure that all members of the Sg-Finance group have MFA enabled except for Debra Berger.
Communicate the change:
Inform the Sg-Finance group members about the MFA requirement and provide instructions on how to register for MFA.
Monitor the setup:
Check the sign-in logs to confirm that MFA is being prompted for the Sg-Finance group members and not for Debra Berger.
You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant contains the groups shown in the following table.
In Azure AD. you add a new enterprise application named Appl.
Which groups can you assign to App1?
- A . Group1 and Group2 only
- B . Group2 only
- C . Group3 only
- D . Group1 only
- E . Group1 and Group4