SC-300 Questions and Answers

Question # 6

You need to resolve the recent security incident issues.

What should you configure for each incident? To answer, drag the appropriate policy types to the correct issues. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Full Access

Question # 7

You need implement the planned changes for application access to organizational data. What should you configure?

authentication methods

the User consent settings

access packages

an application proxy

Full Access

Question # 8

You need to implement the planned changes for litware.com. What should you configure?

Azure AD Connect cloud sync between the Azure AD tenant and litware.com

Azure AD Connect to include the litware.com domain

staging mode in Azure AD Connect for the litware.com domain

Full Access

Question # 9

You need to meet the technical requirements for the probability that user identifies were compromised.

What should the users do first, and what should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 10

You need to allocate licenses to the new users from A. Datum. The solution must meet thetechnical requirements.

Which type of object should you create?

a distribution group

a Dynamic User security group

an administrative unit

an OU

Full Access

Question # 11

You need to resolve the issue of I-.Group1. What should you do first?

Recreate the IT-Group 1 group.

Change Membership type of IT-Group1 to Dynamic Device

Add an owner to IT_Group1.

Change Membership type of IT-Group1 to Dynamic User

Full Access

Question # 12

You need to implement the planned changes for Package1. Which users can create and manage the access review?

User3 only

User4 only

User5 only

User3 and User4

User3 and User5

User4and User5

Full Access

Question # 13

You need to meet the technical requirements for license management by the helpdesk administrators.

What should you create first, and which tool should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 14

You create a Log Analytics workspace.

You need to implement the technical requirements for auditing.

What should you configure in Azure AD?

Company branding

Diagnostics settings

External Identities

App registrations

Full Access

Question # 15

You need to locate licenses to the A. Datum users. The solution must need the technical requirements.

Which type of object should you create?

A Dynamo User security group

An OU

A distribution group

An administrative unit

Full Access

Question # 16

You need to implement the planned changes and technical requirements for the marketing department.

What should you do? To answer, select the appropriate options in the answer area.

NOTE:Each correct selection is worth one point.

Full Access

Question # 17

You have an Azure AD tenant that contains the users shown in the following table.

You need to compare the role permissions of each user. The solution must minimizeadministrative effort.

What should you use?

the Microsoft 365 Defender portal

the Microsoft 365 admin center

the Microsoft Entra admin center

the Microsoft Purview compliance portal

Full Access

Question # 18

You have an Azure subscription, a Google Cloud Platform (GCP) account, and an Amazon Web Services (AWS) account.

You need to recommend a solution to assess the risks associated with privilege assignments across all the platforms. The solution must minimize administrative effort

What should you include in the recommendation?

Microsoft Sentinel

Microsoft Defender for Cloud Apps

Microsoft Entra ID Protection

Microsoft Entra Permissions Management

Full Access

Question # 19

You need to meet the planned changes for the User administrator role.

What should you do?

Create an access review.

Modify Role settings

Create an administrator unit.

Modify Active Assignments.

Full Access

Question # 20

You need to sync the ADatum users. The solution must meet the technical requirements.

What should you do?

From the Microsoft Azure Active Directory Connect wizard, select Customize synchronization options.

From PowerShell, run Set-ADSyncScheduler.

From PowerShell, run Start-ADSyncSyncCycle.

From the Microsoft Azure Active Directory Connect wizard, select Change user sign-in.

Full Access

Question # 21

You need to meet the planned changes and technical requirements for App1.

What should you implement?

a policy set in Microsoft Endpoint Manager

an app configuratifon policy in Microsoft Endpoint Manager

an app registration in Azure AD

Azure AD Application Proxy

Full Access

Question # 22

You need to meet the technical requirements for the probability that user identities were compromised.

What should the users do first, and what should you configure? To answer, select the appropriate options in the answer area.

NOTE:Each correct selection is worth one point.

Full Access

Question # 23

You have an Azure subscription named Sub1.

You plan to deploy Microsoft Entra Permissions Management.

You need to ensure that Permission Management can onboard Sub1. The solution must follow the principle of least privilege.

How should you complete the PowerShell command? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 24

You have an Azure subscription that contains a user named User! and two resource groups named RG1 and RG2.

You need to ensure that User1 can perform the following tasks:

• View all resources.

• Restart virtual machines.

• Create virtual machines in RG1 only.

• Create storage accounts in RG1 only.

What is the minimum number of role-based access control (RBAC) role assignment* required?

Full Access

Question # 25

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant.

You have 100 IT administrators who are organized into 10 departments.

You create the access review shown in the exhibit. (Click theExhibittab.)

You discover that all access review requests are received by Megan Bowen.

You need to ensure that the manager of each department receives the access reviews of their respective department.

Solution: You set Reviewers toMember (self).

Does this meet the goal?

Yes

Full Access

Question # 26

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 tenant.

All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) whenaccessing Microsoft 365 services.

Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.

You need to block the users automatically when they report an MFA request that they did not initiate.

Solution: From the Azure portal, you configure the Notifications settings for multi-factor authentication (MFA).

Does this meet the goal?

Yes

Full Access

Question # 27

You have a Microsoft 365 E5 subscription. The subscription contains 500 devices that run Windows

You deploy the Global Secure Access client to the devices.

You need to prevent users from accessing httpsy/contoso.com from the devices

Which three actions should you perform in sequence? To answer move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access

Question # 28

You have a Microsoft Entra tenant that contains the users shown in the following table.

You add the following assignment for the User Administrator role:

• Scope type: Directory

• Selected members: Group1

• Assignment type: Active

• Assignments starts August 15. 2022

• Assignment ends: December 15, 2022

You add the following assignment for the Exchange Administrator role:

• Scope type: Directory

• Selected members: Group2

• Assignment type: Eligible

• Assignments starts: October 15, 2022

• Assignment ends: January 15. 2023

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access

Question # 29

You have a Microsoft Entra tenant.

You configure self-service password reset (SSPR) with the following settings:

Require users to register when signing in: Yes

Number of methods required to reset: 1

What is a valid authentication method available to users?

A smartcard

A mobile app code

An FIDO2 security token

A Windows Hello PIN

Full Access

Answer:

Explanation:

Comprehensive and Detailed In-Depth Explanation:

Let’s break this down step by step based on Microsoft Entra ID self-service password reset (SSPR) settings and the available authentication methods, as outlined in Microsoft Identity and Access Administrator documentation.

Understanding Self-Service Password Reset (SSPR) in Microsoft Entra ID:

Self-service password reset (SSPR) allows users to reset their passwords without administrator intervention, improving security and reducing helpdesk workload.

The settings provided are:

Require users to register when signing in: Yes– Users must register their authentication methods (e.g., phone number, email, security questions) the first time they sign in. This ensures they have methods available for SSPR.

Number of methods required to reset: 1– Users must verify their identity using one authentication method to reset their password. This is the minimum number of methods required, meaning users must have at least one method registered, and they will use one method during the reset process.

Available Authentication Methods for SSPR:

Microsoft Entra ID SSPR supports a specific set of authentication methods that users can use to verify their identity during a password reset. These methods are configured by the administrator in the Microsoft Entra admin center under "Password reset" settings.

The default authentication methods available for SSPR include:

Email:Users receive a code sent to an alternate email address.

Mobile phone (SMS):Users receive a code via SMS to their registered mobile phone.

Mobile app code:Users use a code generated by the Microsoft Authenticator app (or another compatible authenticator app).

Mobile app notification:Users receive a push notification in the Microsoft Authenticator app to approve the reset.

Security questions:Users answer predefined security questions they set up during registration.

Important Note:Methods like smartcards, FIDO2 security tokens, and Windows Hello are not supported for SSPR. These methods are typically used for authentication during sign-in (e.g., MFA or passwordless sign-in), not for the SSPR process.

Analysis of the Options:

A. A smartcard:

Smartcards are a form of certificate-based authentication often used for sign-in to Windows devices or VPNs. They require a physical card and a reader, and they are typically used for primary authentication, not for SSPR.

Microsoft Entra ID SSPR does not support smartcards as an authentication method for password reset. Smartcards are not listed as an available method in the SSPR configuration settings.

Conclusion:This is incorrect.

B. A mobile app code:

A mobile app code refers to a time-based one-time password (TOTP) generated by an authenticator app, such as the Microsoft Authenticator app.

This is a supported method for SSPR in Microsoft Entra ID. Users can register the Microsoft Authenticator app (or another compatible app) and use the generated code to verify their identity during a password reset.

Since the setting "Number of methods required to reset: 1" means only one method is needed, a mobile app code is a valid option if the user has registered it.

Conclusion:This is correct.

C. An FIDO2 security token:

FIDO2 security tokens (e.g., YubiKey) are hardware-based security keys that support passwordless authentication in Microsoft Entra ID. They are part of Microsoft’s passwordless authentication strategy and can be used for sign-in.

However, FIDO2 security tokens are not supported for SSPR. The SSPR process does not allow users to verify their identity using a FIDO2 security key because the reset process is designed to work with simpler, more accessible methods like email, SMS, or app-based codes.

Conclusion:This is incorrect.

D. A Windows Hello PIN:

Windows Hello PIN is a device-specific authentication method used to sign in to Windows devices. It is part of Windows Hello, which also includes biometric authentication (e.g., facial recognition, fingerprint).

Windows Hello PIN is not supported for SSPR in Microsoft Entra ID. The SSPR process occurs in a web-based portal (e.g., aka.ms/sspr) and does not integrate with device-specific authentication methods like Windows Hello. Additionally, Windows Hello PIN is tied to a specific device, whereas SSPR is designed to be device-agnostic.

Conclusion:This is incorrect.

Additional Considerations:

The setting "Require users to register when signing in: Yes" ensures that users have at least one authentication method registered. However, the question does not specify which methods are enabled by the administrator. In Microsoft Entra ID, the default enabled methods for SSPR typically include email, mobile phone (SMS), mobile app code, and mobile app notification. Security questions may also be enabled but are less common due to security concerns.

If the administrator has disabled certain methods (e.g., mobile app code), the answer could change. However, the question does not indicate any such restrictions, so we assume the default methods are available.

The "Number of methods required to reset: 1" setting means users only need to use one method to reset their password, but they may have multiple methods registered. The question asks for a "valid authentication method available to users," so we need to identify a method that SSPR supports.

Conclusion:Based on the SSPR settings and the supported authentication methods in Microsoft Entra ID:

A mobile app code (option B) is a valid authentication method for SSPR, as it is supported by default and aligns with the configuration.

Smartcards, FIDO2 security tokens, and Windows Hello PIN are not supported for SSPR.Therefore, the correct answer isB.

[References:, Microsoft Entra ID documentation: "Self-service password reset authentication methods" (Microsoft Learn:https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-howitworks#authentication-methods), Microsoft Entra ID documentation: "Configure self-service password reset" (Microsoft Learn:https://learn.microsoft.com/en-us/entra/identity/authentication/howto-sspr-deployment), Microsoft Identity and Access Administrator (SC-300) exam study guide, which covers SSPR configuration and supported authentication methods., , , ]

Question # 30

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Active Directory forest that syncs to a Microsoft Entra tenant.

You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Microsoft Entra for up to 30 minutes.

You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Microsoft Entra.

Solution: You configure Microsoft Entra Password Protection.

Does this meet the goal?

Yes

Full Access

Question # 31

You need to identify which roles to use for managing role assignments. The solution must meet the delegation requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE:Each correct selection is worth one point.

Full Access

Question # 32

You need to meet the authentication requirements for leaked credentials.

What should you do?

Enable federation with PingFederate in Azure AD Connect.

Configure Azure AD Password Protection.

Enable password hash synchronization in Azure AD Connect.

Configure an authentication method policy in Azure AD.

Full Access

Question # 33

You need to configure the detection of multi-staged attacks to meet the monitoring requirements.

What should you do?

Customize the Azure Sentinel rule logic.

Create a workbook.

Add Azure Sentinel data connectors.

Add an Azure Sentinel playbook.

Full Access

Question # 34

You need to implement password restrictions to meet the authentication requirements.

You install the Azure AD password Protection DC agent on DC1.

What should you do next? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access

Question # 35

You need to create the LWGroup1 group to meet the management requirements.

How should you complete the dynamic membership rule? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You many need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Full Access

Question # 36

You need to configure the MFA settings for users who connect from the Boston office. The solution must meet the authentication requirements and the access requirements.

What should you configure?

named locations that have a private IP address range

named locations that have a public IP address range

trusted IPs that have a public IP address range

trusted IPs that have a private IP address range

Full Access

Question # 37

You need to configure the assignment of Azure AD licenses to the Litware users. The solution must meet the licensing requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE:Each correct selection is worth one point.

Full Access

Question # 38

You need to track application access assignments by using Identity Governance. The solution must meet the delegation requirements.

What should you do first?

Modify the User consent settings for the enterprise applications.

Create a catalog.

Create a program.

Modify the Admin consent requests settings for the enterprise applications.

Full Access

Question # 39

You need to implement on-premises application and SharePoint Online restrictions to meet the authentication requirements and the access requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE:Each correct selection is worth one point.

Full Access

Question # 40

You need to configure app registration in Azure AD to meet the delegation requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE:Each correct selection is worth one point.

Full Access

Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

DumpsTool Header

dumpstool logo

SC-300 Questions and Answers

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Answer:

Answer:

Explanation:

Answer:

Answer:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Explanation:

Quick Links

Why Us

Updated Exams

Site Secure

Footer