Topic 4: Misc. Questions

You have an Azure AD tenant named contoso.com that contains the resources shown in the following table.
You create a user named Admin 1.

You need to ensure that Admin can enable Security defaults for contoso.com.
What should you do first?

A. Configure Identity Governance

B. Delete Package1

C. Delete CAPolicy1

D. Assign Admin1 the Authentication administrator role for Au1

D.   Assign Admin1 the Authentication administrator role for Au1

Explanation: To enable Security defaults for contoso.com, you should first sign in to the Azure portal as a security administrator, Conditional Access administrator, or global administrator. Then, browse to Azure Active Directory > Properties and select Manage security defaults. Set the Enable security defaults toggle to Yes and select Save. After that, you can assign Admin1 the Identity Administrator role for Au1 to enable them to manage security defaults for the tenant.

You have a Microsoft 365 tenant.
All users have mobile phones and laptops. The users frequently work from remote locations that do not have Wi-Fi access or mobile phone connectivity. While working from the remote locations, the users connect their laptop to a wired network that has internet access.
You plan to implement multi-factor authentication (MFA).
Which MFA authentication method can the users use from the remote location?

A. a notification through the Microsoft Authenticator app

B. an app password

C. Windows Hello for Business

D. SMS

C.   Windows Hello for Business

Explanation: In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. After an initial two-step verification of the user during enrollment, Windows Hello is set up on the user's device and Windows asks the user to set a gesture, which can be a biometric, such as a fingerprint, or a PIN. The user provides the gesture to verify their identity. Windows then uses Windows Hello to authenticate users.

You have an Azure subscription named Sub1 that contains two resource groups named RG1 and RG2. Sub1 contains the users shown in the following table.

You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.

Which objects can you add as eligible in Azure Privileged identity Management (PIM) for an Azure AD role?

A. User1 only

B. User1 and Identity1 only

C. User1. Guest1, and Identity

D. User1 and Guest1 only

D.   User1 and Guest1 only

You have a Microsoft Entra tenant that contains the users shown in the following table.

You have an Azure Active Directory Premium P2 tenant.
You create a Log Analytics workspace.
You need to ensure that you can view Azure Active Directory (Azure AD) audit log information by using Azure Monitor.
What should you do first?

A. Run the Set-AzureADTenantDetail cmdlet

B. Create an Azure AD workbook.

C. Modify the Diagnostics settings for Azure AD

D. Run the Get-AzureADAuditDirectoryLogs cmdlet

C.   Modify the Diagnostics settings for Azure AD

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure pass-through authentication.
Does this meet the goal?

A. Yes

B. No

A.   Yes

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
All users who run applications registered in Azure AD are subject to conditional access policies.
You need to prevent the users from using legacy authentication.
What should you include in the conditional access policies to filter out legacy authentication attempts?

A. a cloud apps or actions condition

B. a user risk condition

C. a client apps condition

D. a sign-in risk condition

C.   a client apps condition

You have an Azure subscription that contains a user named User1. You need to meet the following requirements:

  • Prevent User1 from being added as an owner of newly registered apps.
  • Ensure that User1 can manage the application proxy settings.
  • Ensure that User2 can register apps.
  • Use the principle of least privilege.
Which role should you assign to User1?

A. Application developer

B. Cloud application administrator

C. Service support administrator

D. Application administrator

D.   Application administrator

You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not Initiate.
Solution: From the Azure portal, you configure the Fraud alert settings for multi-factor authentication (MFA).
Does this meet the goal?

A. Yes

B. No

A.   Yes

Explanation:
The fraud alert feature lets users report fraudulent attempts to access their resources. When an unknown and suspicious MFA prompt is received, users can report the fraud attempt using the Microsoft Authenticator app or through their phone.
The following fraud alert configuration options are available:

  • Automatically block users who report fraud.
  • Code to report fraud during initial greeting.
Page 4 out of 36 Pages
SC-300 Practice Test Previous

Are You Truly Prepared?

Don't risk your exam fee on uncertainty. Take this definitive practice test to validate your readiness for the Microsoft SC-300 exam.

Enroll Now