Microsoft Microsoft Certifications SC-300 Questions & Answers

• Question 31:

  Your company purchases 2 new Microsoft 365 ES subscription and an app named App.

  You need to create a Microsoft Defender for Cloud Apps access policy for App1.

  What should you do you first? (Choose Correct Answer based on Microsoft Identity and Access Administrator at microsoft.com)

  A. Configure a Token configuration for App1.

  B. Add an API permission for App.

  C. Configure a Conditional Access policy to use app-enforced restrictions.

  D. Configure a Conditional Access policy to use Conditional Access App Control.

  Correct Answer: C

  https://learn.microsoft.com/en-us/defender-cloud-apps/access-policy-aad To create a Microsoft Defender for Cloud Apps access policy for App1, you should configure a Conditional Access policy to use app-enforced restrictions. This will allow you to control access to your cloud apps based on conditions such as user, device, location, and app state. You can also use app-enforced restrictions to control access to your cloud apps based on the state of the app, such as whether it's running on a managed or unmanaged device.

• Question 32:

  You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD enterprise application named App1.

  A contractor uses the credentials of [email protected].

  You need to ensure that you can provide the contractor with access to App1.

  The contractor must be able to authenticate as [email protected].

  What should you do?

  A. Run the New-AzADUser cmdlet.

  B. Configure the External collaboration settings.

  C. Add a WS-Fed identity provider.

  D. Create a guest user account in contoso.com.

  Correct Answer: D

• Question 33:

  You have a Microsoft 365 E5 subscription.

  You create a user named User1.

  You need to ensure that User1 can update the status of Identity Secure Score improvement actions.

  Solution: You assign the Exchange Administrator role to User1.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: A

• Question 34:

  You have an Azure Active Directory (Azure AD) Azure AD tenant.

  You need to bulk create 25 new user accounts by uploading a template file.

  Which properties are required in the template file?

  A. displayName, identityIssuer, usageLocation, and userType

  B. accountEnabled, givenName, surname, and userPrincipalName

  C. accountEnabled, displayName, userPrincipalName, and passwordProfile

  D. accountEnabled, passwordProfile, usageLocation, and userPrincipalName

  Correct Answer: C

• Question 35:

  You have a Microsoft 365 E5 subscription.

  You create a user named User1.

  You need to ensure that User1 can update the status of Identity Secure Score improvement actions.

  Solution: You assign the User Administrator role to User1.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

• Question 36:

  You have an Azure Active Directory (Azure AD) tenant that uses Azure AD Identity Protection and contains the resources shown in the following table.

  

  Azure Multi-factor Authentication (MFA) is enabled for all users.

  User1 triggers a medium severity alert that requires additional investigation.

  You need to force User1 to reset his password the next time he signs in. The solution must minimize administrative effort.

  What should you do?

  A. Reconfigure the user risk, policy to trigger on medium or low severity.

  B. Mark User1 as compromised.

  C. Reset the Azure MIFA registration for User1.

  D. Configure a sign-in risk policy.

  Correct Answer: B

• Question 37:

  You have a Microsoft 365 tenant.

  All users have mobile phones and laptops.

  The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity.

  While working from the remote locations, the users connect their laptop to a wired network that has internet access.

  You plan to implement multi-factor authentication (MFA).

  Which MFA authentication method can the users use from the remote location?

  A. a notification through the Microsoft Authenticator app

  B. email

  C. security questions

  D. a verification code from the Microsoft Authenticator app

  Correct Answer: D

• Question 38:

  You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

  

  The tenant has the authentication methods shown in the following table.

  

  Which users will sign in to cloud apps by matching a number shown in the app with a number shown on their phone?

  A. User1 only

  B. User2 only

  C. User3 only

  D. User1 and User2 only

  E. User2 and User3 only

  Correct Answer: A

• Question 39:

  You have an Azure Active Directory (Azure AD) tenant that contains a user named User1 and the conditional access policies shown in the following table.

  

  You need to evaluate which policies will be applied to User1 when User1 attempts to sign-in from various IP addresses. Which feature should you use?

  A. Access reviews

  B. Identity Secure Score

  C. The What If tool

  D. the Microsoft 365 network connectivity test tool

  Correct Answer: C

• Question 40:

  You have a Microsoft 365 tenant.

  All users have mobile phones and Windows 10 laptops.

  The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity.

  While working from the remote locations, the users connect their laptops to a wired network that has internet access.

  You plan to implement multi-factor authentication (MFA).

  Which MFA authentication method can the users use from the remote location?

  A. an app password

  B. voice

  C. Windows Hello for Business

  D. security questions

  Correct Answer: C