Practice Free SC-300 Exam Online Questions
A user named User1 receives an error message when attempting to access the Microsoft Defender for Cloud Apps portal.
You need to identify the cause of the error. The solution must minimize administrative effort.
What should you use?
- A . Log Analytics
- B . sign-in logs
- C . audit logs
- D . provisioning logs
You need to create an advanced hunting query to investigate the executive team issue.
How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure AD tenant and a .NET web app named App1. You need to register App1 for Azure AD authentication.
What should you configure for App1?
- A . the executable name
- B . the bundle ID
- C . the package name
- D . the redirect URI
HOTSPOT
You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.
You plan to manage the lifecycles of the groups.
Which groups can be set to expire, and what is the shortest group lifetime you can set? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure AD tenant that uses Azure AD Identity Protection and contains the resources shown in the following table.
Azure Multi-Factor Authentication (MFA) is enabled for all users.
User1 triggers a medium severity alert that requires additional investigation.
You need to force User1 to reset his password the next time he signs in. the solution must minimize administrative effort.
What should you do?
- A . Configure a sign-in risk policy.
- B . Mark User1 as compromised.
- C . Reconfigure the user risk policy to trigger on medium or low severity.
- D . Reset the Azure MFA registration for User1.
You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains an Azure Cosmos DB database named DB1 and an Azure Kubernetes Service (AKS) cluster named AKS1. AKS1 uses a managed identity.
You need to ensure that AKS1 can access DB1.
The solution must meet the following requirements:
• Ensure that AKS1 uses the managed identity to access DB1.
• Follow the principle of least privilege.
Which role should you assign to the managed identity of AKS1.
- A . For R61, assign the Azure Cosmos DB Data Reader Role role.
- B . For Sub1. assign the Owner role.
- C . For RG1, assign the Reader role.
- D . For DB1, assign the Azure Cosmos DB Account Reader Role role.
HOTSPOT
You have a Microsoft Entra tenant that contains the users shown in the following table.
You add the following assignment for the User Administrator role:
• Scope type: Directory
• Selected members: Group1
• Assignment type: Active
• Assignments starts August 15. 2022
• Assignment ends: December 15, 2022
You add the following assignment for the Exchange Administrator role:
• Scope type: Directory
• Selected members: Group2
• Assignment type: Eligible
• Assignments starts: October 15, 2022
• Assignment ends: January 15. 2023
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the users shown in the following table.
You need to implement Azure AD Privileged Identity Management (PIM).
Which users can use PIM to activate their role permissions?
- A . Admin! only
- B . Admin2 only
- C . Admin3 only
- D . Admin1 and Admin2 only
- E . Admin2 and Admin3 only
- F . Admin1, Admin2, and Admin3
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Active Directory forest that syncs to a Microsoft Entra tenant.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Microsoft Entra for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Microsoft Entra. Solution: You configure Microsoft Entra Password Protection.
Does this meet the goal?
- A . Yes
- B . No
You create a conditional access policy that blocks access when a user triggers a high-seventy sign-in alert.
You need to test the policy under the following conditions;
• A user signs in from another country.
• A user triggers a sign-in risk.
What should you use to complete the test?
- A . the Conditional Access What If tool
- B . sign-ins logs in Azure AD
- C . access reviews in Azure AD
- D . the activity logs in Microsoft Defender for Cloud Apps