Practice Free SC-300 Exam Online Questions

Question #1

You have a Microsoft 365 E5 subscription.

You need to ensure that users are prompted to accept a custom terms of use (Toll) agreement when they sign in to the subscription.

What should you configure?

A . an access package
B . a Conditional Access policy
C . a lifecycle workflow
D . an authentication method

Reveal Solution Hide Solution

Question #2

You have an Azure subscription named Sub1 that contains a user named User1.

You need to ensure that User1 can purchase a Microsoft Entra Permissions Management license for Sub1. The solution must follow the principle of least privilege.

Which role should you assign to User1?

A . User Access Administrator
B . Permissions Management Administrator
C . Billing Administrator
D . Global Administrator

Reveal Solution Hide Solution

Question #3

You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.

Which objects can you add as members to Group3?

A . User2 and Group2 only
B . User2, Group1, and Group2 only
C . User1, User2, Group1 and Group2
D . User1 and User2 only
E . User2 only

Reveal Solution Hide Solution

Question #4

HOTSPOT

Your network contains an on-premises Active Directory domain named contoso.com.

The domain contains the objects shown in the following table.

You install Azure AD Connect.

You configure the Domain and OU filtering settings as shown in the Domain and OU Filtering exhibit. (Click the Domain and OU Filteringtab.)

You configure the Filter users and devices settings as shown in the Filter Users and Devices exhibit. (Click the Filter Users and Devices tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Reveal Solution Hide Solution

Question #5

You have a Microsoft Entra tenant that contains the users shown in the following table:

Admin4 creates a Conditional Access policy named Policy1 by using the "Require multifactor authentication for Azure management" template.

Which users will be required to use multi-factor authentication (MFA) the next time they sign in?

A . Admin2 and Admin3 only
B . Admin1 and Admin4 only
C . Admin1, Admin2, and Admin3 only
D . Admin1, Admin2, Admin3, and Admin4

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

Comprehensive and Detailed In-Depth

Let’s break this down step by step based on Microsoft Entra ID Conditional Access policies, the "Require multifactor authentication for Azure management" template, and the roles assigned to the users, as outlined in Microsoft Identity and Access Administrator documentation.

Understanding the "Require multifactor authentication for Azure management" Template: Microsoft Entra ID Conditional Access policies allow administrators to enforce security controls, such as requiring multi-factor authentication (MFA), based on specific conditions.

The "Require multifactor authentication for Azure management" template is a predefined Conditional Access policy template in Microsoft Entra ID. This template is designed to secure access to Azure management interfaces, such as the Azure portal, Azure PowerShell, Azure CLI, and other Azure management endpoints.

Key Details of the Template:

Cloud Apps or Actions: The template targets the "Microsoft Azure Management" cloud app. This includes all Azure management interfaces but does not apply to other cloud apps (e.g., Microsoft 365 apps).

Users: By default, the template applies to "All users," but it can be modified to include or exclude specific users or groups. The question does not specify any modifications, so we assume the default "All users" scope.

Conditions: Typically, there are no specific conditions (e.g., device state, location) in this template unless modified.

Grant Controls: The template enforces "Require multi-factor authentication" as the access control. Therefore, this policy will require MFA for any user who attempts to access Azure management interfaces.

Understanding the Roles and Their Interaction with Azure Management:

Let’s examine the roles assigned to each user and whether they are likely to interact with Azure management interfaces:

Admin1: Global Administrator

A Global Administrator has full access to all Microsoft Entra ID and Azure resources, including the ability to manage Azure subscriptions, resources, and the Azure portal.

Global Administrators frequently access Azure management interfaces (e.g., the Azure portal) to perform administrative tasks. Therefore, Admin1 will be subject to the Conditional Access policy when they sign in to access Azure management.

Admin2: Conditional Access Administrator

A Conditional Access Administrator can manage Conditional Access policies in Microsoft Entra ID but does not have direct access to Azure management interfaces by default.

This role is focused on Microsoft Entra ID, not Azure resource management. Unless Admin2 has been granted additional Azure roles (e.g., Contributor, Owner), they are unlikely to access Azure management interfaces. The question does not indicate any additional roles for Admin2, so we assume they do not interact with Azure management. Admin3: Authentication Policy Administrator

An Authentication Policy Administrator can manage authentication methods and policies in Microsoft Entra ID (e.g., MFA settings, passwordless authentication).

Like the Conditional Access Administrator, this role is specific to Microsoft Entra ID and does not grant access to Azure management interfaces by default. Admin3 would not typically access Azure management unless assigned additional Azure roles, which are not specified. Admin4: Global Administrator

Like Admin1, Admin4 is a Global Administrator and has full access to Azure management interfaces. Admin4 will be subject to the Conditional Access policy when accessing Azure management. Applying the Conditional Access Policy:

The policy applies to "All users" (default scope of the template) and targets the "Microsoft Azure Management" cloud app.

The policy requires MFA for any user who accesses Azure management interfaces.

Admin1 and Admin4 (Global Administrators):

As Global Administrators, both Admin1 and Admin4 will access Azure management interfaces (e.g., the Azure portal) as part of their administrative duties.

The next time they sign in to access Azure management, the Conditional Access policy (Policy1) will enforce MFA.

Admin2 (Conditional Access Administrator) and Admin3 (Authentication Policy Administrator): These roles do not inherently grant access to Azure management interfaces. Their responsibilities are limited to Microsoft Entra ID tasks, such as managing Conditional Access policies or authentication methods.

Unless Admin2 or Admin3 attempts to access Azure management (which they are not authorized to do by default), the policy will not apply to them. The question asks about the "next time they sign in," but the policy only triggers MFA when accessing the targeted cloud app (Microsoft Azure Management). If Admin2 and Admin3 sign in to Microsoft Entra ID or other apps (e.g., Microsoft 365), the policy does not apply.

Analysis of the Options:

Question #6

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.

You plan to increase app security for the subscription.

You need to identify which apps do NOT require user authentication

What should you do in the Microsoft 365 Defender portal?

A . Create a discovered app query.
B . Create a snapshot Cloud Discovery report.
C . Create an OAuth policy and review alerts.
D . Review the cloud app catalog.

Reveal Solution Hide Solution

Question #7

HOTSPOT

You have an Azure AD tenant contains the users shown in the following table.

In Azure AD Privileged Identity Management (PIM), you configure the Global Administrator role as shown in the following exhibit.

User 1 is eligible for the Global Administrator role.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Question #8

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

All users who run applications registered in Azure AD are subject to conditional access policies.

You need to prevent the users from using legacy authentication.

What should you include in the conditional access policies to filter out legacy authentication attempts?

A . a cloud apps or actions condition
B . a user risk condition
C . a client apps condition
D . a sign-in risk condition

Reveal Solution Hide Solution

Question #9

You have accounts for the following cloud platforms:

• Azure

• Alibaba Cloud

• Amazon Web Services (AWS)

• Google Cloud Platform (GCP)

You configure an A2ure subscription to use Microsoft Entra Permissions Management to manage the permissions in Azure only.

Which additional cloud platforms can be managed by using Permissions Management?

A . AWS only
B . Alibaba Cloud and AWS only
C . Alibaba Cloud and GCP only
D . AWS and GCP only
E . Alibaba Cloud, AWS, and GCP

Reveal Solution Hide Solution

Question #10

You have an Azure Ad tenant that contains the users show in the following table.

You create a dynamic user group and configure the following rule syntax.

Which users will be added to the group?

A . User1 only
B . User2 only
C . User3 only
D . User1 and User2 only
E . User1 and User3 only
F . User1, User2, and User3

Reveal Solution Hide Solution

1 2 3 4 5 6 7 8 9 10

Exams