Recommend!!

Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

Microsoft
Exam Questions SC-300
Microsoft Identity and Access Administrator

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

NEW QUESTION 1
- (Exam Topic 1)
You need to implement password restrictions to meet the authentication requirements. You install the Azure AD password Protection DC agent on DC1.
What should you do next? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Server1 On DC1

NEW QUESTION 2
- (Exam Topic 2)
You need to allocate licenses to the new users from A. Datum. The solution must meet the technical requirements.
Which type of object should you create?

A. a distribution group
B. a Dynamic User security group
C. an administrative unit
D. an OU

Answer: C

NEW QUESTION 3
- (Exam Topic 2)
You need to sync the ADatum users. The solution must meet the technical requirements. What should you do?

A. From the Microsoft Azure Active Directory Connect wizard, select Customize synchronization options.
B. From PowerShell, run Set-ADSyncScheduler.
C. From PowerShell, run Start-ADSyncSyncCycle.
D. From the Microsoft Azure Active Directory Connect wizard, select Change user sign-in.

Answer: A

Explanation:
You need to select Customize synchronization options to configure Azure AD Connect to sync the Adatum organizational unit (OU).

NEW QUESTION 4
- (Exam Topic 3)
You need to resolve the recent security incident issues.
What should you configure for each incident? To answer, drag the appropriate policy types to the correct
issues. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

NEW QUESTION 5
- (Exam Topic 4)
You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not Initiate. Solution: From the Azure portal, you configure the
Block/unblock users settings for multi-factor
authentication (MFA).
Does this meet the goal?

A. Yes
B. No

Answer: B

Explanation:
You need to configure the fraud alert settings. Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

NEW QUESTION 6
- (Exam Topic 4)
Your company requires that users request access before they can access corporate applications.
You register a new enterprise application named MyApp1 in Azure Active Dilatory (Azure AD) and configure single sign-on (SSO) for MyApp1.
Which settings should you configure next for MyApp1?

A. Self-service
B. Provisioning
C. Roles and administrators
D. Application proxy

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access

NEW QUESTION 7
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant.
You need to review the Azure AD sign-in logs to investigate sign-ins that occurred in the past. For how long does Azure AD store events in the sign-in logs?

A. 14 days
B. 30 days
C. 90 days
D. 365 days

Answer: B

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/reference-reports-dataretention# how-long-does-azure-ad-store-the-data

NEW QUESTION 8
- (Exam Topic 4)
You have a Microsoft 365 E5 subscription and an Azure subscription. You need to meet the following requirements:
• Ensure that users can sign in to Azure virtual machines by using their Microsoft 365 credentials.
• Delegate the ability to create new virtual machines.
What should you use for each requirement? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than
once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 9
- (Exam Topic 4)
You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.
From the Groups blade in the Azure Active Directory admin center, you assign Microsoft 365 Enterprise E5 licenses to the users.
You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.
What should you use?

A. the Administrative units blade in the Azure Active Directory admin center
B. the Set-AzureAdUser cmdlet
C. the Groups blade in the Azure Active Directory admin center
D. the Sec-MsolUserLicense cmdlet

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/powershell/module/msonline/set-msoluserlicense?view=azureadps-1.0

NEW QUESTION 10
- (Exam Topic 4)
You have an Azure AD tenant.
You need to bulk create 25 new user accounts by uploading a template file. Which properties are required in the template file?

A. Option A
B. Option B
C. Option C
D. Option D

Answer: B

NEW QUESTION 10
- (Exam Topic 4)

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

You have an Azure AD tenant that contains the users shown in the following table.

You need to compare the role permissions of each user. The solution must minimize administrative effort. What should you use?

A. the Microsoft 365 Defender portal

B. the Microsoft 365 admin center
C. the Microsoft Entra admin center
D. the Microsoft Purview compliance portal

Answer: C

NEW QUESTION 14
- (Exam Topic 4)
Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The tenant contains the users shown in
the following table.

All the users work remotely.

Azure AD Connect is configured in Azure AD as shown in the following exhibit.

Connectivity from the on-premises domain to the internet is lost. Which users can sign in to Azure AD?

A. User1 and User3 only

B. User1 only
C. User1, User2, and User3
D. User1 and User2 only

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-current-limitations

NEW QUESTION 17
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant.
You configure self-service password reset (SSPR) by using the following settings:
• Require users to register when signing in: Yes
• Number of methods required to reset: 1
What is a valid authentication method available to users?

A. home prions

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

B. mobile app notification

C. a mobile app code
D. an email to an address in your organization

Answer: C

NEW QUESTION 21
- (Exam Topic 4)
Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant.
The tenant contains the groups shown in the following table.

The tenant contains the users shown in the following table.

You create an access review as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 26
- (Exam Topic 4)
A user named User1 attempts to sign in to the tenant by entering the following incorrect passwords:
Pa55w0rd12
Pa55w0rd12
Pa55w0rd12
Pa55w.rd12
Pa55w.rd123
Pa55w.rd123
Pa55w.rd123
Pa55word12
Pa55word12

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

Pa55word12
Pa55w.rd12
You need to identify how many sign-in attempts were tracked for User1, and how User1 can unlock her account before the 300-second lockout duration expires.
What should identify? To answer, select the appropriate
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Graphical user interface, text, table Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment

NEW QUESTION 31
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result these questions will not appear in the review screen.
You have a Microsoft 365 ES subscription. You create a user named User1.
You need to ensure that User1 can update the status of identity Secure Score improvement actions. Solution: You assign the Exchange Administrator role to
User1.

A. Yes
B. No

Answer: B

NEW QUESTION 34
- (Exam Topic 4)
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
Yon receive more than 100 email alerts each day for tailed Azure Al) user sign-in attempts. You need to ensure that a new security administrator receives the
alerts instead of you.
Solution: From Azure monitor, you create a data collection rule. Does this meet the goal?

A. Yes
B. No

Answer: B

NEW QUESTION 38
- (Exam Topic 4)
You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM). You need to identify users that are eligible for the Cloud Application
Administrator role. Which blade in the Privileged Identity Management settings should you use?

A. Azure resources
B. Privileged access groups
C. Review access
D. Azure AD roles

Answer: D

NEW QUESTION 42
- (Exam Topic 4)
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site!. Site! hosts PDF files
You need to prevent users from printing the files directly from Sitel.
Which type of policy should you create in the Microsoft Defender for Cloud Apps portal?

A. activity policy

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

B. file policy
C. access policy
D. session policy

Answer: D

NEW QUESTION 45
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.

Which objects can you add as eligible in Azure Privileged identity Management (PIM) for an Azure AD role?

A. User1 only
B. User1 and Identity1 only
C. User1. Guest1, and Identity
D. User1 and Guest1 only

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan

NEW QUESTION 49
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts. You need to ensure that a new security administrator receives the
alerts instead of you. Solution: From Azure AD, you modify the Diagnostics settings.
Does this meet the goal?

A. Yes
B. No

Answer: A

NEW QUESTION 52
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant. You open the risk detections report.
Which risk detection type is classified as a user risk?

A. impossible travel
B. anonymous IP address
C. atypical travel
D. leaked credentials

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks

NEW QUESTION 54
- (Exam Topic 4)
You have a Microsoft 36S subscription. The subscription contains users that use Microsoft Outlook 2016 and Outlook 2013 clients. You need to implement tenant
restrictions. The solution must minimize administrative effort. What should you do first?

A. Upgrade the Outlook 2013 clients to Outlook 2016.

B. Configure the Outlook 2013 clients to use modem authentication.
C. Upgrade all the Outlook clients to Outlook 2019.
D. From the Exchange admin center, configure Organization Sharing.

Answer: A

NEW QUESTION 57
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

For which users can you configure the Job title property and the Usage location property in Azure AD? To answer, select the appropriate options in the answer
area.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 62
- (Exam Topic 4)
You have an Azure AD tenant that has multi-factor authentication (MFA) enforced and self-service password reset (SSPR) enabled.
You enable combined registration in interrupt mode. You create a new user named User1.
Which two authentication methods can User1 use to complete the combined registration process? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. a FID02 security key

B. a hardware token
C. a one-time passcode email
D. Windows Hello for Business
E. the Microsoft Authenticator app

Answer: AE

NEW QUESTION 65
- (Exam Topic 4)
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com. The company has a business partner named Fabrikam, Inc.
Fabrikam uses Azure AD and has two verified domain names of fabrikam.com and litwareinc.com. Both domain names are used for Fabrikam email addresses.
You plan to create an access package named package1 that will be accessible only to the users at Fabrikam. You create a connected organization for Fabrikam.
You need to ensure that the package1 will be accessible only to users who have fabrikam.com email addresses. What should you do? To answer, select the
appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Text Description automatically generated

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-re https://docs.microsoft.com/en-us/azure/active-
directory/governance/entitlement-management-access-package-cr

NEW QUESTION 70
- (Exam Topic 4)
You have an Azure subscription that contains the users shown in the following table.

You need to implement Azure AD Privileged Identity Management (PIM). Which users can use PIM to activate their role permissions?

A. Admin! only
B. Admin2 only
C. Admin3 only
D. Admin1 and Admin2 only
E. Admin2 and Admin3 only
F. Admin1, Admin2, and Admin3

Answer: D

NEW QUESTION 73
- (Exam Topic 4)
Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights.
You need to ensure that the IT department users only have access to the Security administrator role when required.
What should you configure for the Security administrator role assignment?

A. Expire eligible assignments after from the Role settings details

B. Expire active assignments after from the Role settings details
C. Assignment type to Active
D. Assignment type to Eligible

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

NEW QUESTION 76
- (Exam Topic 4)
You have an Azure AD tenant contains the users shown in the following table.

In Azure AD Privileged Identity Management (PIM), you configure the Global Administrator role as shown in the following exhibit.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

User 1 is eligible for the Global Administrator role.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 78
- (Exam Topic 4)
You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain. The domain contains the servers shown in the following table.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

The domain controllers are prevented from communicating to the internet. You implement Azure AD Password Protection on Server1 and Server2. You deploy a
new server named Server4 that runs Windows Server 2019.
You need to ensure that Azure AD Password Protection will continue to work if a single server fails. What should you implement on Server4?

A. Azure AD Connect
B. Azure AD Application Proxy
C. Password Change Notification Service (PCNS)
D. the Azure AD Password Protection proxy service

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premisesdep

NEW QUESTION 80
- (Exam Topic 4)
You have an Azure AD tenant that contains a user named User1 and a registered app named App1. User1 deletes the app registration of Appl.
You need to restore the app registration.
What is the maximum number of days you have to restore the app registration from when it was deleted?

A. 14
B. 30
C. 60
D. 180

Answer: B

NEW QUESTION 85
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.

Which objects can you add as members to Group3?

A. User2 and Group2 only

B. User2, Group1, and Group2 only
C. User1, User2, Group1 and Group2
D. User1 and User2 only
E. User2 only

Answer: E

Explanation:
Reference:
https://bitsizedbytes.wordpress.com/2018/12/10/distribution-security-and-office-365-groups-nesting/

NEW QUESTION 88
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription. You create a user named User1.
You need to ensure that User1 can update the status of identity Secure Score improvement actions. Solution: You assign the User Administrator role to User1.
Does this meet the goal?

A. Yes
B. No

Answer: B

NEW QUESTION 92
- (Exam Topic 4)
You have an Azure subscription that contains the custom roles shown in the following table.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

You need to create a custom Azure subscription role named Role3 by using the Azure portal. Role3 will use the baseline permissions of an existing role. Which
roles can you clone to create Role3?

A. Role2 only
B. built-in Azure subscription roles only
C. built-in Azure subscription roles and Role2 only
D. built-in Azure subscription roles and built-in Azure AD roles only
E. Role1, Role2 built-in Azure subscription roles, and built-in Azure AD roles

Answer: C

NEW QUESTION 96
- (Exam Topic 4)
You have a Microsoft 365 E5 tenant. You purchase a cloud app named App1.
You need to enable real-time session-level monitoring of App1 by using Microsoft Cloud app Security.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the
correct order.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
A picture containing application Description automatically generated
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/proxy-deployment-any-app https://docs.microsoft.com/en-us/cloud-app-security/session-policy-aad

NEW QUESTION 97
- (Exam Topic 4)
You have an Azure subscription.
Azure AD logs are sent to a Log Analytics workspace.
You need to query the logs and graphically display the number of sign-ins per user.
How should you complete the query? To answer, select the appropriate options in the answer area.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Box 1 = SigninLogs
| where ResultType == 0
| summarize login_count = count() by identity
| render piechart
This query retrieves the sign-in logs, filters the successful sign-ins, summarizes the count of sign-ins per user, and renders the result as a pie chart.
Box 2 = Render

NEW QUESTION 99
- (Exam Topic 4)
You have an Azure AD tenant that contains a user named Admin1.
Admin1 uses the Require password change for high-risk user’s policy template to create a new Conditional Access policy.
Who is included and excluded by default in the policy assignment? To answer, drag the appropriate options to the correct target. Each option may be used once,
more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
A white background with black text Description automatically generated

NEW QUESTION 102

- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.
You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account.
You deploy an Azure subscription and enable Microsoft 365 Defender.
You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps.
Solution: From the Microsoft 365 Defender portal, you add the Google Workspace app connector. Does this meet the goal?

A. Yes
B. No

Answer: B

NEW QUESTION 106

- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD enterprise application named App1.
A contractor uses the credentials of [email protected].
You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as [email protected].
What should you do?

A. Run the New-AzADUser cmdlet.

B. Configure the External collaboration settings.
C. Add a WS-Fed identity provider.
D. Create a guest user account in contoso.com.

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-usersportal

NEW QUESTION 109

- (Exam Topic 4)
You have an Azure AD tenant
You open the risk detections report.
Which risk detection type is classified as a user risk?

A. password spray
B. anonymous IP address
C. unfamiliar sign-in properties
D. Azure AD threat intelligence

Answer: A

NEW QUESTION 110

- (Exam Topic 4)
You have a Microsoft 365 E5 subscription that contains a web app named App1. Guest users are regularly granted access to App1.
You need to ensure that the guest users that have NOT accessed App1 during the past 30 days have their access removed the solution must minimize
administrative effort.
What should you configure?

A. a compliance policy
B. an access review for application access
C. a guest access review
D. a Conditional Access policy

Answer: C

NEW QUESTION 113

- (Exam Topic 4)
You have a Microsoft 365 tenant that contains a group named Group1 as shown in the Group1 exhibit. (Click the Group1 tab.)

You create an enterprise application named App1 as shown in the App1 Properties exhibit. (Click the App1 Properties tab.)

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

You configure self-service for App1 as shown in the App1 Self-service exhibit. (Click the App1 Self-service
tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:
No No Yes
a) When you assign a group to an application, only users in the group will have access. The assignment does not cascade to nested groups.
b) Tested in lab, existing owners will be replaced. Also direct assignment (resource owner) is path of least privilege. (replicated in test)
c) Application setting 'visible to users' is set to No, then no users see this application on their My Apps portal and O365 launcher.
Reference
a) https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/assign-user-or-group-access-portal
b) maybe
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-manage-groups
c) https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-properties#visible-to-users

NEW QUESTION 114

- (Exam Topic 4)
You have a custom cloud app named App1 that is registered in Azure Active Directory (Azure AD). App1 is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/assign-user-or-group-access-portal

NEW QUESTION 117

- (Exam Topic 4)
You have a Microsoft 365 subscription that contains a user named User1.
You need to ensure that User1 can create access reviews for Azure AD roles. The solution must use the principal of least privilege.
Which role should you assign to User1?

A. Privileged role administrator

B. Identify Governance administrator
C. User administrator
D. User Access Administrate

Answer: B

NEW QUESTION 120

- (Exam Topic 4)
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

The users are assigned the roles shown in the following table.

For which users can User1 and User4 reset passwords? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 123

- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to bulk invite Azure AD business-to-business (B2B) collaboration users.
Which two parameters must you include when you create the bulk invite? Each correct answer presents part of the solution
NOTE: Each correct selection is worth one point.

A. email address
B. redirection URL
C. username
D. shared key
E. password

Answer: AB

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/tutorial-bulk-invite

NEW QUESTION 127

- (Exam Topic 4)
Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant
Users sign in to computers that run Windows 10 and are joined to the domain.
You plan to implement Azure AD Seamless Single Sign-On (Azure AD Seamless SSO). You need to configure the computers for Azure AD Seamless SSO.
What should you do?

A. Enable Enterprise State Roaming.

B. Configure Sign-in options.
C. Install the Azure AD Connect Authentication Agent.
D. Modify the Intranet Zone settings.

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

NEW QUESTION 128

- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure pass-through authentication. Does this meet the goal?

A. Yes
B. No

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

NEW QUESTION 132

- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant that contains an administrative unit named Department1.
Department1 has the users shown in the Users exhibit. (Click the Users tab.)

Department1 has the groups shown in the Groups exhibit. (Click the Groups tab.)

Department1 has the user administrator assignments shown in the Assignments exhibit. (Click the Assignments tab.)

The members of Group2 are shown in the Group2 exhibit. (Click the Group2 tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/administrative-units

NEW QUESTION 137

- (Exam Topic 4)
You have a Microsoft 365 tenant and an Active Directory domain named adatum.com. You deploy Azure AD Connect by using the Express Settings.
You need to configure self-service password reset (SSPR) to meet the following requirements:
When users reset their password, they must be prompted to respond to a mobile app notification or answer three predefined security questions.
Passwords must be synced between the tenant and the domain regardless of where the password was reset.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Graphical user interface, text, application Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment https://docs.microsoft.com/en-us/azure/active-
directory/authentication/concept-authentication-security-questions

NEW QUESTION 139

- (Exam Topic 4)
You have an Azure subscription that contains the resources shown in the following table.

For which resources can you create an access review?

A. Group1, App1, Contributor, and Role1

B. Hotel and Contributor only
C. Group1, Role1, and Contributor only
D. Group1 only

Answer: A

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

Explanation:
Access reviews require an Azure AD Premium P2 license.
Access reviews for Group1 and App1 can be configured in Azure AD Access Reviews.
Access reviews for the Contributor role and Role1 would need to be configured in Privileged Identity Management (PIM). PIM is included in Azure AD Premium P2.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-start-securi https://docs.microsoft.com/en-us/azure/active-
directory/governance/access-reviews-overview

NEW QUESTION 142

- (Exam Topic 4)
You have an Azure subscription that contains the following virtual machine Name: VM1
Azure region: East US
System-assigned managed identity: Disabled
You create the managed identities shown in the following table.

You perform the following actions:

• Assign Managed1 to VM1.
• Create a resource group named RG1 in the West US region.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 144

- (Exam Topic 4)
You configure a new Microsoft 36S tenant to use a default domain name of contosso.com.
You need to ensure that you can control access to Microsoft 365 resource-, by using conditional access policy. What should you do first?

A. Disable the User consent settings.

B. Disable Security defaults.
C. Configure a multi-factor authentication (Ml A) registration policy1.
D. Configure password protection for Windows Server Active Directory.

Answer: B

NEW QUESTION 147

......

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full SC-300 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SC-300-exam-dumps.html (192 New Questions)

Thank You for Trying Our Product

We offer two products:

1st - We have Practice Tests Software with Actual Exam Questions

2nd - Questons and Answers in PDF Format

SC-300 Practice Exam Features:

* SC-300 Questions and Answers Updated Frequently

* SC-300 Practice Questions Verified by Expert Senior Certified Staff

* SC-300 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* SC-300 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

100% Actual & Verified — Instant Download, Please Click

Order The SC-300 Practice Test Here

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Powered by TCPDF (www.tcpdf.org)