SC-300 Practice Questions — Page 11

Question 101

Open question ↗

You create a conditional access policy that blocks access when a user triggers a high-severity sign-in alert.

You need to test the policy under the following conditions:

✑ A user signs in from another country.

✑ A user triggers a sign-in risk.

What should you use to complete the test?

A.the Conditional Access What If tool
B.sign-ins logs in Azure Active Directory (Azure AD)
C.the activity logs in Microsoft Defender for Cloud Apps
D.access reviews in Azure Active Directory (Azure AD)

Question 102

Open question ↗

You have an Azure subscription that contains the custom roles shown in the following table.

You need to create a custom Azure subscription role named Role3 by using the Azure portal. Role3 will use the baseline permissions of an existing role.

Which roles can you clone to create Role3?

A.Role2 only
B.built-in Azure subscription roles only
C.built-in Azure subscription roles and Role2 only
D.built-in Azure subscription roles and built-in Azure AD roles only
E.Role1, Role2, built-in Azure subscription roles, and built-in Azure AD roles

Question 103

Open question ↗

Your on-premises network contains an Active Directory domain that uses Microsoft Entra Connect sync to sync with a Microsoft Entra tenant.

You need to configure Microsoft Entra Connect sync to meet the following requirements:

• Microsoft Entra sign-ins must be authenticated by an Active Directory domain controller.

• Active Directory domain users must be able to use Microsoft Entra self-service password reset (SSPR).

• Minimize administrative effort.

What should you use for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 104

Open question ↗

You have an Azure subscription named Sub1 that is linked to a Microsoft Entra tenant. The tenant contains the users shown in the following table.

Sub1 contains a resource group named RG1.

The tenant contains the groups shown in the following table.

You deploy a virtual machine named VM1 to RG1. VM1 runs Windows Server and has Microsoft Entra login enabled.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question 105

Open question ↗

You have an Azure subscription that contains the following virtual machine:

• Name: V1

• Azure region: East US

• System-assigned managed identity: Disabled

You create the managed identities shown in the following table.

You perform the following actions:

• Assign Managed1 to V1.

• Create a resource group named RG1 in the West US region.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question 106

Open question ↗

You have an Azure subscription that contains the key vaults shown in the following table.

The subscription contains the users shown in the following table.

On June 1, Admin4 performs the following actions:

• Deletes a certificate named Certificate1 from KeyVault1

• Deletes a secret named Secret1 from KeyVault2

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question 107

Open question ↗

You have a management group named Group1 that contains two Azure subscriptions named Sub1 and Sub2. The subscriptions are linked to a Microsoft Entra tenant that contains a user named User1.

You need to ensure that User1 can onboard Sub1 to Permissions Management. The solution must follow the principle of least privilege.

Which permission should you grant to User1?

A.Microsoft.Authorization/roleAssignments/read for Sub1
B.Microsoft.Authorization/roleAssignments/write for Group1
C.MicrosoftAuthorization/roleAssignments/write for Sub1
D.Microsoft.Authorization/roleAssignments/read for Group1

Question 108

Open question ↗

You have an Azure Active Directory (Azure AD) tenant.

You configure self-service password reset (SSPR) by using the following settings:

• Require users to register when signing in: Yes

• Number of methods required to reset: 1

What is a valid authentication method available to users?

A.a smartcard
B.a mobile app code
C.a mobile app notification
D.an email to an address outside your organization

Question 109

Open question ↗

You create a new Microsoft 365 E5 tenant.

You need to ensure that when users connect to the Microsoft 365 portal from an anonymous IP address, they are prompted to use multi-factor authentication (MFA).

What should you configure?

A.a sign-in risk policy
B.a user risk policy
C.an MFA registration policy

Question 110

Open question ↗

You have a Microsoft 365 tenant.

You configure a conditional access policy as shown in the Conditional Access policy exhibit. (Click the Conditional Access policy tab.)

You view the User administrator role settings as shown in the Role setting details exhibit. (Click the Role setting details tab.)

You view the User administrator role assignments as shown in the Role assignments exhibit. (Click the Role assignments tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.