Most Up-to-date SC-300 Dump For Microsoft Identity And Access Administrator Certification

NEW QUESTION 1

You need to allocate licenses to the new users from A. Datum. The solution must meet the technical requirements.
Which type of object should you create?

• A. a distribution group
• B. a Dynamic User security group
• C. an administrative unit
• D. an OU

Answer: C

NEW QUESTION 2

You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not Initiate. Solution: From the Azure portal, you configure the Account lockout settings for multi-factor authentication
(MFA).
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
You need to configure the fraud alert settings. Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

NEW QUESTION 3

You have a Microsoft 365 E5 subscription.
You need to create a Microsoft Defender for Cloud Apps session policy. What should you do first?

• A. From the Microsoft Defender for Cloud Apps portal, select User monitoring.
• B. From the Microsoft Defender for Cloud Apps portal, select App onboarding/maintenance
• C. From the Azure Active Directory admin center, create a Conditional Access policy.
• D. From the Microsoft Defender for Cloud Apps portal, create a continuous report.

Answer: A

NEW QUESTION 4

You have an Azure AD tenant that contains the users shown in the following table.

You have the Azure AD Identity Protection policies shown in the following table.

You review the Risky users report and the Risky sign-ins report and perform actions for each user as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 5

You need to configure app registration in Azure AD to meet the delegation requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 6

You need to modify the settings of the User administrator role to meet the technical requirements. Which two actions should you perform for the role? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Select Require justification on activation
• B. Set all assignments to Active
• C. Set all assignments to Eligible
• D. Modify the Expire eligible assignments after setting.
• E. Select Require ticket information on activation.

Answer: AB

NEW QUESTION 7

You have a Microsoft 365 E5 subscription.
You purchase the app governance add-on license. You need to enable app governance integration. Which portal should you use?

• A. the Microsoft Defender for Cloud Apps portal
• B. the Microsoft 365 admin center
• C. Microsoft 365 Defender
• D. the Azure Active Directory admin center
• E. the Microsoft Purview compliance portal

Answer: A

NEW QUESTION 8

Your network contains an on-premises Active Directory Domain services (AD DS) domain that syncs with an Azure AD tenant. The AD DS domain contains the organizational units (OUs) shown in the following table.

You need to create a break-glass account named BreakGlass.
Where should you create BreakGlass, and which role should you assign to BreakGlass? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 9

You have a Microsoft 365 ES subscription that user Microsoft Defender for Cloud Apps and Yammer. You need prevent users from signing in to Yammer from high-risk locations.
What should you do in the Microsoft Defender for Cloud Apps portal?

• A. Create an access Policy.
• B. Create an activity policy.
• C. Unsanction Yammer.
• D. Create an anomaly detection policy.

Answer: A

NEW QUESTION 10

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site!. Site! hosts PDF files
You need to prevent users from printing the files directly from Sitel.
Which type of policy should you create in the Microsoft Defender for Cloud Apps portal?

• A. activity policy
• B. file policy
• C. access policy
• D. session policy

Answer: D

NEW QUESTION 11

You have an Azure Active Directory (Azure AD) tenant that contains the following objects:
A device named Device1
Users named User1, User2, User3, User4, and User5
Groups named Group1, Group2, Group3, Group4, and Group5 The groups are configured as shown in the following table.

To which groups can you assign a Microsoft Office 365 Enterprise E5 license directly?

• A. Group1 and Group4 only
• B. Group1, Group2, Group3, Group4, and Group5
• C. Group1 and Group2 only
• D. Group1 only
• E. Group1, Group2, Group4, and Group5 only

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-group-advanced

NEW QUESTION 12

You have an Azure Active Directory (Azure AD) tenant that contains an administrative unit named Department1.
Department1 has the users shown in the Users exhibit. (Click the Users tab.)

Department1 has the groups shown in the Groups exhibit. (Click the Groups tab.)

Department1 has the user administrator assignments shown in the Assignments exhibit. (Click the Assignments tab.)

The members of Group2 are shown in the Group2 exhibit. (Click the Group2 tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 13

You have an Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.

For which groups can you create an access review?

• A. Group1 only
• B. Group1 and Group4 only
• C. Group1 and Group2 only
• D. Group1, Group2, Group4, and Group5 only
• E. Group1, Group2, Group3, Group4 and Group5

Answer: D

Explanation:
You cannot create access reviews for device groups. Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

NEW QUESTION 14

You have an Azure Active Directory (Azure AD) tenant that has multi-factor authentication (MFA) enabled. The account lockout settings are configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 15

You need to locate licenses to the A. Datum users. The solution must need the technical requirements. Which type of object should you create?

• A. A Dynamo User security group
• B. An OU
• C. A distribution group
• D. An administrative unit

Answer: D

NEW QUESTION 16

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.
You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account.
You deploy an Azure subscription and enable Microsoft 365 Defender
You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps.
Solution: From the Microsoft 365 Defender portal, you add the Microsoft Azure app connector. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 17

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD enterprise application named App1.
A contractor uses the credentials of user1@outlook.com.
You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as user1@outlook.com.
What should you do?

• A. Run the New-AzADUser cmdlet.
• B. Configure the External collaboration settings.
• C. Add a WS-Fed identity provider.
• D. Create a guest user account in contoso.com.

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-usersportal

NEW QUESTION 18
......