Top Tips Of Update SC-300 Practice Question

NEW QUESTION 1

Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant
Users sign in to computers that run Windows 10 and are joined to the domain.
You plan to implement Azure AD Seamless Single Sign-On (Azure AD Seamless SSO). You need to configure the computers for Azure AD Seamless SSO.
What should you do?

• A. Enable Enterprise State Roaming.
• B. Configure Sign-in options.
• C. Install the Azure AD Connect Authentication Agent.
• D. Modify the Intranet Zone settings.

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

NEW QUESTION 2

You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant contains the groups shown in the following table.

In Azure AD. you add a new enterprise application named Appl. Which groups can you assign to App1?

• A. Group1 and Group
• B. Group2 only
• C. Group3 only
• D. Group1 only
• E. Group1 and Group4

Answer: A

NEW QUESTION 3

Your company has an Azure Active Directory (Azure AD) tenant named Contoso.com. The company has a business partner named Fabrikam, Inc.
Fabrikam uses Azure AD and has two verified domain names of fabrikam.com and litwarein.com Both domain names are sued for Fabrikam email addresses.
You create a connected organization for Fabrikam.
You need to ensure that the package1 will be accessible only to users who have fabrikam.com email addresses. What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 4

You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not Initiate. Solution: From the Azure portal, you configure the Account lockout settings for multi-factor authentication
(MFA).
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 5

You have an Azure Active Directory (Azure AD) tenant that contains a user named SecAdmin1. SecAdmin1 is assigned the Security administrator role.
SecAdmin1 reports that she cannot reset passwords from the Azure AD Identity Protection portal.
You need to ensure that SecAdmin1 can manage passwords and invalidate sessions on behalf of nonadministrative
users. The solution must use the principle of least privilege. Which role should you assign to SecAdmin1?

• A. Authentication administrator
• B. Helpdesk administrator
• C. Privileged authentication administrator
• D. Security operator

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference

NEW QUESTION 6

You have an Azure Active Directory (Azure AD) tenant that has multi-factor authentication (MFA) enabled. The account lockout settings are configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 7

You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.

Which objects can you add as eligible in Azure Privileged identity Management (PIM) for an Azure AD role?

• A. User1 only
• B. User1 and Identity1 only
• C. User1. Guest1, and Identity
• D. User1 and Guest1 only

Answer: A

NEW QUESTION 8

Your company has two divisions named Contoso East and Contoso West. The Microsoft 365 identity architecture tor both divisions is shown in the following exhibit.

You need to assign users from the Contoso East division access to Microsoft SharePoint Online sites in the Contoso West tenant. The solution must not require additional Microsoft 3G5 licenses.
What should you do?

• A. Configure The exiting Azure AD Connect server in Contoso Cast to sync the Contoso East Active Directory forest to the Contoso West tenant.
• B. Configure Azure AD Application Proxy in the Contoso West tenant.
• C. Deploy a second Azure AD Connect server to Contoso East and configure the server to sync theContoso East Active Directory forest to the Contoso West tenant.
• D. Create guest accounts for all the Contoso East users in the West tenant.

Answer: D

NEW QUESTION 9

You have a Microsoft 365 E5 tenant. You purchase a cloud app named App1.
You need to enable real-time session-level monitoring of App1 by using Microsoft Cloud app Security.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 10

You have an Azure Active Directory (Azure AD) tenant.
You configure self-service password reset (SSPR) by using the following settings:
• Require users to register when signing in: Yes
• Number of methods required to reset: 1
What is a valid authentication method available to users?

• A. home prions
• B. mobile app notification
• C. a mobile app code
• D. an email to an address in your organization

Answer: A

NEW QUESTION 11

You need to configure the MFA settings for users who connect from the Boston office. The solution must
meet the authentication requirements and the access requirements. What should you configure?

• A. named locations that have a private IP address range
• B. named locations that have a public IP address range
• C. trusted IPs that have a public IP address range
• D. trusted IPs that have a private IP address range

Answer: B

NEW QUESTION 12

You have a Microsoft 365 tenant.
All users have mobile phones and laptops.
The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity. While working from the remote locations, the users connect their laptop to a wired network that has internet access.
You plan to implement multi-factor authentication (MFA).
Which MFA authentication method can the users use from the remote location?

• A. a verification code from the Microsoft Authenticator app
• B. security questions
• C. voice
• D. SMS

Answer: B

NEW QUESTION 13

You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.
Users connect to the internet by using a hardware firewall at your company. The users authenticate to the firewall by using their Active Directory credentials.
You plan to manage access to external applications by using Azure AD.
You need to use the firewall logs to create a list of unmanaged external applications and the users who access them.
What should you use to gather the information?

• A. Application Insights in Azure Monitor
• B. access reviews in Azure AD
• C. Cloud App Discovery in Microsoft Cloud App Security
• D. enterprise applications in Azure AD

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/create-snapshot-cloud-discovery-reports#using-traffic-logs

NEW QUESTION 14

You have an on-premises datacenter that contains the hosts shown in the following table.

You have an Azure Active Directory (Azure AD) tenant that syncs to the Active Directory forest. Multi-factor authentication (MFA) is enforced for Azure AD.
You need to ensure that you can publish App1 to Azure AD users.
What should you configure on Server and Firewall1? To answer, select the appropriate options in the answer area.
NOTE:Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy

NEW QUESTION 15

You have an Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.

For which groups can you create an access review?

• A. Group1 only
• B. Group1 and Group4 only
• C. Group1 and Group2 only
• D. Group1, Group2, Group4, and Group5 only
• E. Group1, Group2, Group3, Group4 and Group5

Answer: D

Explanation:
You cannot create access reviews for device groups. Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

NEW QUESTION 16

You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory domain.
The on-premises network contains a VPN server that authenticates to the on-premises Active Directory domain. The VPN server doesNOTsupport Azure Multi-Factor Authentication (MFA).
You need to recommend a solution to provide Azure MFA for VPN connections. What should you include in the recommendation?

• A. Azure AD Application Proxy
• B. an Azure AD Password Protection proxy
• C. Network Policy Server (NPS)
• D. a pass-through authentication proxy

Answer: C

NEW QUESTION 17

You need to implement on-premises application and SharePoint Online restrictions to meet the authentication requirements and the access requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE:Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 18

You have an Azure Active Directory (Azure AD) tenant. For the tenant. Users can register applications Is set to No.
A user named Admin1 must deploy a new cloud app named App1.
You need to ensure that Admin1 can register App1 in Azure AD. The solution must use the principle of least privilege.
Which role should you assign to Admin1?

• A. Application developer in Azure AD
• B. App Configuration Data Owner for Subscription!
• C. Managed Application Contributor for Subscription!
• D. Cloud application administrator in Azure AD

Answer: A

NEW QUESTION 19

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure password writeback. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

NEW QUESTION 20

You have a Microsoft 365 tenant.
In Azure Active Directory (Azure AD), you configure the terms of use.
You need to ensure that only users who accept the terms of use can access the resources in the tenant. Other users must be denied access.
What should you configure?

• A. an access policy in Microsoft Cloud App Security.
• B. Terms and conditions in Microsoft Endpoint Manager.
• C. a conditional access policy in Azure AD
• D. a compliance policy in Microsoft Endpoint Manager

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/terms-of-use

NEW QUESTION 21
......