Practice Free SC-300 Exam Online Questions
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD enterprise application named App1.
A contractor uses the credentials of [email protected].
You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as [email protected].
What should you do?
- A . Run theNew-AzureADMSInvitationcmdlet.
- B . Configure the External collaboration settings.
- C . Add a WS-Fed identity provider.
- D . Implement Azure AD Connect.
A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal
https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureadmsinvitation?view=azureadps-2.0
HOTSPOT
You have an Azure AD tenant named contoso.com that contains a group named All Company and has the following Identity Governance settings:
• Block external users from signing in to this directory: Yes
• Remove external user Yes
• Number of days before removing external user from this directory: 30
On March 1, 2022, you create an access package named Package1 that has the following settings:
• Resource roles
o Name: All Company
o Type: Group and Team
o Role: Member
• Lifecycle
o Access package assignment expire: On date
o Assignment expiration date: April 1, 2022
On March 1, 2022, you assign Package1 to the guest users shown in the following table.
On March 2, 2022, you assign the Reports reader role to Guest1.
On April 1(2022, you invite a guest user named Guest3 to contoso.com.
On April 4, 2022, you add Guest3 to the All Company group.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT
You have a Microsoft 365 tenant.
You need to Identity users who have leaked credentials.
The solution must meet the following requirements:
• Identity sign-ms by users who are suspected of having leaked credentials.
• Flag the sign-ins as a high-risk event.
• Immediately enforce a control to mitigate the risk, while still allowing the user to access applications.
What should you use? To answer, select the appropriate options m the answer area.
HOTSPOT
You have Microsoft Entra tenant that contains a group named Group3 and an administrative unit named Department1.
Department has the users shown in the Users exhibit. (Click the Users tab.)
Department1 has the groups shown in the Groups exhibit (Click the Groups tab.)
The User Administrator role assignments are shown in the Assignments exhibit. (Click the Assignments tab.)
The members of Group2 are shown in the Group2 exhibit. (Click the Group2 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the resources shown in the following table.
You need to grant permissions to the resources by using attribute-based access control (ABAC).
To which resource can you grant permissions?
- A . Vault1
- B . VM1
- C . App1
- D . storage 1
HOTSPOT
You have a Microsoft 365 E5 subscription that contains three groups named Groups1, Group2, and Group3, and the users shown in the following table.
You create a Conditional Access policy named CAT that has the following settings:
• Users
° Include
■ Users and groups: Group1 o Exclude
■ Users and groups: Group2
■ Directory roles: Global Administrator o Target resources
■ Include: All cloud apps
o Access controls
■ Grant: Require multifactor authentication
You create a Conditional Access policy named CA2 that has the following settings:
• Users
° Include
■ Users and groups: Group2 o Exclude
■ Users and groups: Group3 o Target resources
■ Include: All cloud apps
o Access controls
■ Grant: Block access
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
SIMULATION
Task 7
You need to lock out accounts for five minutes when they have 10 failed sign-in attempts.
Open the Microsoft Entra admin center:
Sign in with an account that has the Security Administrator or Global Administrator role.
Navigate to the lockout settings:
Go to Security > Authentication methods > Password protection.
Adjust the Smart Lockout settings:
Set the Lockout threshold to 10 failed sign-in attempts.
Set the Lockout duration (in minutes) to 5.
Please note that by default, smart lockout locks an account from sign-in after 10 failed attempts in Azure Public and Microsoft Azure operated by 21Vianet tenants1. The lockout period is one minute at first, and longer in subsequent attempts. However, you can customize these settings to meet your organization’s requirements if you have Microsoft Entra ID P1 or higher licenses for your users1.
HOTSPOT
You have a Microsoft Entra tenant that contains the identities shown in the following table.
Group1 has the following configurations:
• Owners: User1, User4
• Members: User1, Managed2, Gioup2
You create an access review that has the following settings:
• Name: Review1
• Review scope: Select Teams + Groups
• Group: Group1
• Scope: All users
• Select reviewers: Group owner(s)
The Fallback reviewers: setting is NOT configured.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.
You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account.
You deploy an Azure subscription and enable Microsoft 365 Defender
You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps.
Solution: From the Microsoft 365 Defender portal, you add the Microsoft Azure app connector.
Does this meet the goal?
- A . Yes
- B . No
You have an Azure subscription named Sub1 that contains a user named User1.
You need to ensure that User1 can purchase a Microsoft Entra Permissions Management license for Sub1. The solution must follow the principle of least privilege.
Which role should you assign to User1?
- A . User Access Administrator
- B . Permissions Management Administrator
- C . Billing Administrator
- D . Global Administrator