Up To The Immediate Present Microsoft Identity And Access Administrator SC-300 Free Samples

NEW QUESTION 1

You have an on-premises datacenter that contains the hosts shown in the following table.

You have an Azure Active Directory (Azure AD) tenant that syncs to the Active Directory forest. Multi-factor authentication (MFA) is enforced for Azure AD.
You need to ensure that you can publish App1 to Azure AD users.
What should you configure on Server and Firewall1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 2

You have an Azure Active Directory (Azure AD) tenant that has the default App registrations settings. The tenant contains the users shown in the following table.

You purchase two cloud apps named App1 and App2. The global administrator registers App1 in Azure AD. You need to identify who can assign users to App1, and who can register App2 in Azure AD.
What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 3

You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
Yon receive more than 100 email alerts each day for tailed Azure Al) user sign-in attempts. You need to ensure that a new security administrator receives the alerts instead of you. Solution: From Azure monitor, you modify the action group.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 4

You have an Azure Active Directory (Azure AD) tenant that contains three users named User1, User1, and User3,
You create a group named Group1. You add User2 and User3 to Group1.
You configure a role in Azure AD Privileged identity Management (PIM) as shown in the application administrator exhibit. (Click the application Administrator tab.)

Group1 is configured as the approver for the application administrator role. You configure User2to be eligible for the application administrator role.
For User1, you add an assignment to the Application administrator role as shown in the Assignment exhibit. (Click Assignment tab)

For each of the following statement, select Yes if the statement is true, Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 5

You have an Azure Active Directory (Azure AD) tenant that uses conditional access policies.
You plan to use third-party security information and event management (SIEM) to analyze conditional access usage.
You need to download the Azure AD log that contains conditional access policy data. What should you export from Azure AD?

• A. sign-ins in JSON format
• B. sign-ins in CSV format
• C. audit logs in JSON format
• D. audit logs in CSV format

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-audit-logs

NEW QUESTION 6

You have a Microsoft 365 tenant.
You need to Identity users who have leaked credentials. The solution must meet the following requirements:
• Identity sign-ms by users who are suspected of having leaked credentials.
• Flag the sign-ins as a high-risk event.
• Immediately enforce a control to mitigate the risk, while still allowing the user to access applications. What should you use? To answer, select the appropriate options m the answer area.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 7

You need to meet the technical requirements for license management by the helpdesk administrators.
What should you create first, and which tool should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 8

You have an Azure subscription.
You need to create two custom roles named Role1 and Role2. The solution must meet the following
requirements:
• Users that are assigned Role1 can create or delete instances of Azure Container Apps.
• Users that are assigned Role2 can enforce adaptive network hardening rules.
Which resource provider permissions are required for each role? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 9

Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com by using Azure AD Connect.
Attire AD Connect is installed on a server named Server 1.
You deploy a new server named Server? that runs Windows Server 2019.
You need to implement a failover server for Azure AD Connect. The solution must minimize how long it takes to fail over if Server1 fails.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 10

You need to resolve the issue of I-.Group1. What should you do first?

• A. Recreate the IT-Group 1 group.
• B. Change Membership type of IT-Group1 to Dynamic Device
• C. Add an owner to IT_Group1.
• D. Change Membership type of IT-Group1 to Dynamic User

Answer: A

NEW QUESTION 11

You have a Microsoft 365 tenant that uses the domain named fabrikam.com. The Guest invite settings for Azure Active Directory (Azure AD) are configured as shown in the exhibit. (Click the Exhibit tab.)

A user named bsmith@fabrikam.com shares a Microsoft SharePoint Online document library to the users shown in the following table.

Which users will be emailed a passcode?

• A. User2 only
• B. User1 only
• C. User1 and User2 only
• D. User1, User2, and User3

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/one-time-passcode

NEW QUESTION 12

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
You have 100 IT administrators who are organized into 10 departments. You create the access review shown in the exhibit. (Click the Exhibit tab.)

You discover that all access review requests are received by Megan Bowen.
You need to ensure that the manager of each department receives the access reviews of their respective department.
Solution: You modify the properties of the IT administrator user accounts. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
Reference:
D18912E1457D5D1DDCBD40AB3BF70D5D
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

NEW QUESTION 13

You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory domain.
The on-premises network contains a VPN server that authenticates to the on-premises Active Directory
domain. The VPN server does NOT support Azure Multi-Factor Authentication (MFA). You need to recommend a solution to provide Azure MFA for VPN connections.
What should you include in the recommendation?

• A. Azure AD Application Proxy
• B. an Azure AD Password Protection proxy
• C. Network Policy Server (NPS)
• D. a pass-through authentication proxy

Answer: C

NEW QUESTION 14

Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The tenant contains the users shown in the following table.

All the users work remotely.
Azure AD Connect is configured in Azure AD as shown in the following exhibit.

Connectivity from the on-premises domain to the internet is lost. Which users can sign in to Azure AD?

• A. User1 and User3 only
• B. User1 only
• C. User1, User2, and User3
• D. User1 and User2 only

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-current-limitations

NEW QUESTION 15

Your network contains an on-premises Active Directory domain that sync to an Azure Active Directory (Azure AD) tenant. The tenant contains the shown in the following table.

All the users work remotely.
Azure AD Connect is configured in Azure as shown in the following exhibit.

Connectivity from the on-premises domain to the internet is lost. Which user can sign in to Azure AD?

• A. User1 only
• B. User1 and User 3 only
• C. User1, and User2 only
• D. User1, User2, and User3

Answer: B

NEW QUESTION 16

Your company has two divisions named Contoso East and Contoso West. The Microsoft 365 identity architecture tor both divisions is shown in the following exhibit.

You need to assign users from the Contoso East division access to Microsoft SharePoint Online sites in the Contoso West tenant. The solution must not require additional Microsoft 3G5 licenses.
What should you do?

• A. Configure the exiting Azure AD Connect server in Contoso Cast to sync the Contoso East ActiveDirectory forest to the Contoso West tenant.
• B. Configure Azure AD Application Proxy in the Contoso West tenant.
• C. Deploy a second Azure AD Connect server to Contoso East and configure the server to sync the Contoso East Active Directory forest to the Contoso West tenant.
• D. Invite the Contoso East users as guests in the Contoso West tenant.

Answer: D

NEW QUESTION 17

Your company requires that users request access before they can access corporate applications.
You register a new enterprise application named MyApp1 in Azure Active Dilatory (Azure AD) and configure single sign-on (SSO) for MyApp1.
Which settings should you configure next for MyApp1?

• A. Self-service
• B. Provisioning
• C. Roles and administrators
• D. Application proxy

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access

NEW QUESTION 18
......