Practice Free SC-300 Exam Online Questions
HOTSPOT
You have a Microsoft 365 tenant that has 5,000 users. One hundred of the users are executives. The executives have a dedicated support team.
You need to ensure that the support team can reset passwords and manage multi-factor authentication (MFA) settings for only the executives. The solution must use the principle of least privilege.
Which object type and Azure Active Directory (Azure AD) role should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You need to configure app registration in Azure AD to meet the delegation requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/roles/delegate-app-roles
HOTSPOT
Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with a Microsoft Entra tenant. You need to ensure that user authentication always occurs by validating passwords against the AD DS domain.
What should you configure, and what should you use? To answer, select the appropriate options in the answer are a. NOTE: Each coned selection is worth one point.
You have an Azure subscription that contains a user-assigned managed identity named Managed1 in the East US Azure region.
The subscription contains the resources shown in the following table.
Which resources can use Managed 1 as their identity?
- A . WebApp1 only
- B . storage1 and WebApp1 only
- C . VM1 and WebApp1 only
- D . VM1, storage1, and WebApp1
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
All users who run applications registered in Azure AD are subject to conditional access policies.
You need to prevent the users from using legacy authentication.
What should you include in the conditional access policies to filter out legacy authentication attempts?
- A . a cloud apps or actions condition
- B . a user risk condition
- C . a client apps condition
- D . a sign-in risk condition
C
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication
You have an Azure AD tenant that contains the users shown in the following table.
You enable self-service password reset (SSPR) for all the users and configure SSPR to require security questions as the only authentication method.
Which users must use security questions when resetting their password?
- A . User4 only
- B . User3and User4only
- C . User1 and User4only
- D . User1, User3, and User4 only
- E . User1, User2, User3. and User4
You have a Microsoft 365 tenant.
All users have mobile phones and laptops.
The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity. While working from the remote locations, the users connect their laptop to a wired network that has internet access.
You plan to implement multi-factor authentication (MFA).
Which MFA authentication method can the users use from the remote location?
- A . a notification through the Microsoft Authenticator app
- B . email
- C . security questions
- D . a verification code from the Microsoft Authenticator app
D
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-authenticator-app#verification-code-from-mobile-app
DRAG DROP
You have a Microsoft 365 E5 subscription. The subscription contains 500 devices that run Windows. You deploy the Global Secure Access client to the devices.
You need to prevent users from accessing httpsy/contoso.com from the devices
Which three actions should you perform in sequence? To answer move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result these
questions will not appear in the review screen.
You have a Microsoft 365 ES subscription.
You create a user namedUser1.
You need to ensure that User1 can update the status of identity Secure Score improvement actions.
Solution: You assign the Security Operator role User1.
Does this meet the goal?
- A . Yes
- B . No
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.
You need to identify which users access Facebook from their devices and browsers. The solution must minimize administrative effort.
What should you do first?
- A . From the Microsoft Defender for Cloud Apps portal, unsanctioned Facebook.
- B . Create an app configuration policy in Microsoft Endpoint Manager.
- C . Create a Defender for Cloud Apps access policy.
- D . Create a Conditional Access policy.